3,900+ WordPress Sites Infected by Malware Campaign Exploiting Popup Builder Plugin

WordPress Sites Infected by Malware

Published on March 20th, 2024

A new malware campaign is leveraging a critical security flaw (CVE-2023-6000) in the Popup Builder plugin for WordPress. This vulnerability allows attackers to inject malicious JavaScript code that redirects unsuspecting visitors to phishing and scam websites.

Sucuri security researchers report that over 3,900 sites have been infected in the past three weeks. These attacks originated from recently registered domains (February 12th, 2024), highlighting the fast-moving nature of this campaign.

This exploit is similar to the Balada Injector campaign that compromised roughly 7,000 sites earlier this year. The latest attack injects malicious code with two variations, both designed to redirect website traffic.

You May Also Like: WordPress Hacked: Should You Be Worried?

What WordPress Site Owners Should Do

WordPress Sites Infected by Malware Campaign Exploiting Popup Builder Plugin

  • Update your plugins immediately! Patching Popup Builder is the most crucial step to prevent further infection.
  • Scan your website for suspicious code or users. Take appropriate action to clean up any malware that may have infiltrated your site.
  • Stay vigilant! This incident underscores the importance of keeping your WordPress software up-to-date.

You May Also Like: 11 Most Popular Plugins For WordPress

This isn’t the only recent WordPress security concern. Here are two additional vulnerabilities to be aware of:

  • Ultimate Member plugin (all versions before 2.8.4) is susceptible to cross-site scripting (XSS) attacks (CVE-2024-2123). This flaw could allow attackers to inject malicious scripts and potentially gain administrative access to your website. Update to version 2.8.4 for a fix.
  • Avada WordPress theme (versions before 7.11.5) has an arbitrary file upload vulnerability (CVE-2024-1468). This could allow attackers to upload malicious files and potentially take control of your website. Update to version 7.11.5 to address this vulnerability.

By keeping your WordPress software updated and actively monitoring your website, you can significantly reduce the risk of falling victim to these types of attacks.