Thousands of Sites with Popup Builder Compromised by Balada Injector
Denis Sinegubko On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was…
Browsing Tag
Balada Injector
40 posts
Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins
In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin…
Vulnerability in Essential Addons for Elementor Leads to Mass Infection
Ben Martin On May 11th, 2023, the very popular WordPress plugin Essential Addons for Elementor released a patch for a critical privilege escalation vulnerability, initially discovered by…
Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign
Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a…
Hacked Website Threat Report – 2022
Rianna MacLeod Education is crucial in defending your website against emerging threats. That’s why we are thrilled to share our 2022 Website Threat Research Report. Disseminating this…
Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network
Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often…
Top Ten Most Cumbersome Website Infections to Remove in 2021
In today’s post we’re going to be going over the top ten most cumbersome website infections to remove, based on the sheer number of files…
Massive WordPress JavaScript Injection Campaign Redirects to Ads
Krasimir Konov Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam…
Website Malware Guide: How to Fix the WordPress Redirect Hack
If you’ve recently discovered that your WordPress site is redirecting other sites or unwanted ads, then your website may have been hacked. The WordPress redirect…
Vulnerabilities Digest: July 2020
John Castro Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0…
Vulnerabilities Digest: June 2020
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of…