Urgent Security Advisory: WordPress Popup Builder Exploitation – Take Immediate Action
Hackers are exploiting a vulnerability (CVE-2023-6000) in outdated versions of the Popup Builder plugin for WordPress, infecting over 3,300 websites. This cross-site scripting (XSS) flaw affects Popup Builder versions 4.2.3 and older, initially disclosed in November 2023. Despite a prior Balada Injector campaign affecting 6,700 websites, a new surge has been observed in the past three weeks, indicating delayed patching by site administrators.
The attacks target the ‘wp_postmeta’ database table, infecting Custom JavaScript or Custom CSS sections in the WordPress admin interface. The injected code serves as event handlers for Popup Builder plugin actions, leading to various outcomes, including redirecting visitors to phishing pages and malware distribution sites.
Sucuri reports 3,329 WordPress sites affected, with 1,170 infections detected by its scanners. Malicious domains include “ttincoming.traveltraffic[.]cc” and “host.cloudsonicwave[.]com,” recommended for blocking.
To defend against these attacks:
- Upgrade Popup Builder to the latest version (4.2.7), addressing CVE-2023-6000 and other security issues.
- Block domains “ttincoming.traveltraffic[.]cc” and “host.cloudsonicwave[.]com.”
- For infected sites, remove malicious entries from Popup Builder’s custom sections and scan for hidden backdoors to prevent reinfection.
Considering that over 80,000 active sites still use Popup Builder 4.1 and older, prompt action is crucial to mitigate the risk of further exploitation.
Get In Touch
Share On Social Media
Other Recent Blog Articles
Podcast: Returning Special Guest Erik Swanson of Cardinal Services
We’re thrilled to welcome Erik Swanson of Cardinal Services as our returning special guest. Erik brings a wealth of expertise in the intersection of IT and HR, shedding light on…
Read MoreWells Fargo is back in the News!
Wells Fargo is back in the news, but this time it is because of a data breach. Banking giant Wells Fargo has sent a data breach notice to some customers.…
Read MoreSafeguard Your Small Business: The Vital Role of IT Managed Services in Preventing Catastrophic Outages
In the fast-paced world of modern business, the reliance on technology has never been more significant. However, with this reliance comes the looming threat of cyberattacks, as evidenced by the…
Read More