WordPress Attack Outbreak: 3,900 sites hacked via Popup Builder

How can I protect users of my web resource from being compromised?

In the past three weeks, more than 3,900 WordPress sites have been attacked as part of a new malicious campaign, the main purpose of which was to exploit a vulnerability in the Popup Builder plugin to inject malicious JavaScript content on sites.

Sucuri reports that attacks are being conducted from domains registered less than a month ago, starting from February 12, 2024. The main attack vector is related to the CVE-2023-6000 vulnerability, through which attackers create fake administrator accounts and install arbitrary plugins.

Earlier, the same vulnerability was already used by hackers to compromise at least 7,000 websites as part of a malicious operation using Balada Injector. Meanwhile, a new series of attacks introduces two more variants of malicious code aimed at redirecting site visitors to phishing and fraudulent pages.

WordPress site owners are strongly encouraged to update the Popup Builder plugin to the latest version if they haven't already done so for some reason. As you can see, attackers are actively exploiting the CVE-2023-6000 vulnerability and will continue to do so as long as there are vulnerable instances of the plugin on the network.

In addition, Wordfence, a WordPress security company, recently discovered a high-severity vulnerability in another popular plugin, Ultimate Member. The vulnerability, designated CVE-2024-2123 with a CVSS rating of 7.2, affects all versions of the plugin up to and including 2.8.3 and was fixed in version 2.8.4, released on March 6, 2024. The problem lies in insufficient input sanitization and output escaping, which allows unauthenticated attackers to inject arbitrary web scripts.

Both events described above follow the discovery of another vulnerability, in the Avada theme for WordPress, that allows arbitrary files to be uploaded to the server. This vulnerability, which was identified as CVE-2024-1468, was also recently patched.

Experts emphasize the importance of timely updating the software of sites and plugins to prevent such attacks. Only administrators are responsible for the security of their web resources and their visitors. That is why you should always pay special attention to timely updates of your site's software.
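One way to check a site against the points above, as an added example that is not part of the original post: it reads the JSON that WP-CLI prints for `wp plugin list --format=json` and `wp user list --role=administrator --format=json`, flags Ultimate Member at or below 2.8.3, flags Popup Builder when an update is pending, and lists administrator accounts that are not on an allowlist. The sample data, the allowlist and the use of February 12, 2024 as the start of the review window are assumptions made for this example.

```python
import json
import re
from datetime import datetime

UM_LAST_VULNERABLE = (2, 8, 3)       # from the article: fixed in 2.8.4
REVIEW_FROM = datetime(2024, 2, 12)  # assumption: start of the review window

# Constructed sample data in the shape WP-CLI emits (not from a real site).
SAMPLE_PLUGINS = json.dumps([
    {"name": "popup-builder", "status": "active", "update": "available", "version": "0.0.1"},
    {"name": "ultimate-member", "status": "active", "update": "none", "version": "2.8.3"},
])
SAMPLE_ADMINS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_registered": "2021-05-03 09:00:00"},
    {"ID": 57, "user_login": "new_admin_example", "user_registered": "2024-02-27 03:14:00"},
])

def vtuple(version):
    """Turn '2.8.3' into (2, 8, 3); pad so that '2.8' compares as 2.8.0."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_plugins(plugins_json):
    """Return findings for the two plugins named in the article."""
    findings = []
    for p in json.loads(plugins_json):
        if p["name"] == "ultimate-member" and vtuple(p["version"]) <= UM_LAST_VULNERABLE:
            findings.append(f"ultimate-member {p['version']}: update to 2.8.4+ (CVE-2024-2123)")
        # The article gives no fixed version for Popup Builder, so rely on
        # WP-CLI's own "update" field instead of a version comparison.
        if p["name"] == "popup-builder" and p.get("update") == "available":
            findings.append(f"popup-builder {p['version']}: update pending (CVE-2023-6000)")
    return findings

def unknown_admins(users_json, known_admins):
    """Return (login, created_in_review_window) for admins not on the allowlist."""
    flagged = []
    for u in json.loads(users_json):
        if u["user_login"] in known_admins:
            continue
        created = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        flagged.append((u["user_login"], created >= REVIEW_FROM))
    return flagged

if __name__ == "__main__":
    for line in audit_plugins(SAMPLE_PLUGINS):
        print("PLUGIN:", line)
    for login, recent in unknown_admins(SAMPLE_ADMINS, {"siteowner"}):
        print("ADMIN :", login, "(created in review window)" if recent else "")
```

On a real site, replace the sample strings with the saved output of the two WP-CLI commands and the allowlist with the administrator logins you actually created.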
 