More than 3,300 WordPress websites running outdated versions of the Popup Builder plugin, which are vulnerable to a cross-site scripting flaw tracked as CVE-2023-6000, have been breached in a new malware campaign, reports BleepingComputer.
Attackers exploited the vulnerability to inject malicious code into the Custom JavaScript or Custom CSS sections of the WordPress admin interface, with the code stored in the 'wp_postmeta' database table, according to a report from Sucuri. Although there are several injection variants tied to different plugin events, all of them redirect to malware-downloading and phishing websites, said researchers.

With more than 80,000 sites still running outdated Popup Builder versions, website owners have been urged not only to update immediately to version 4.2.7 of the plugin but also to block the "ttincoming.traveltraffic[.]cc" and "host.cloudsonicwave[.]com" domains to guard against attacks. Websites that are already compromised, meanwhile, should have the malicious code removed from the plugin's custom sections and then be scanned, researchers added.
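
A defender-side check for the cleanup steps above, as an added example that is not code from Sucuri, BleepingComputer or the plugin: it scans rows exported from 'wp_postmeta' for the two domains named in the article and compares an installed plugin version against 4.2.7. The row layout, the sample rows and the meta_key names are constructed for illustration.

```python
import re

# Indicator domains as printed in the article (defanged there; refanged only for matching).
DEFANGED_IOCS = ["ttincoming.traveltraffic[.]cc", "host.cloudsonicwave[.]com"]
FIXED_VERSION = "4.2.7"  # patched Popup Builder release named in the article


def refang(indicator):
    """Turn 'example[.]com' back into 'example.com' for matching."""
    return indicator.replace("[.]", ".").lower()


IOC_PATTERN = re.compile("|".join(re.escape(refang(i)) for i in DEFANGED_IOCS), re.IGNORECASE)


def find_injected_rows(rows):
    """Return (post_id, meta_key, [domains]) for each row whose value names an indicator."""
    hits = []
    for post_id, meta_key, meta_value in rows:
        if isinstance(meta_value, bytes):  # some DB drivers return LONGTEXT as bytes
            meta_value = meta_value.decode("utf-8", errors="replace")
        if not isinstance(meta_value, str):
            continue  # NULL meta_value
        domains = sorted({m.group(0).lower() for m in IOC_PATTERN.finditer(meta_value)})
        if domains:
            hits.append((post_id, meta_key, domains))
    return hits


def is_outdated(installed, fixed=FIXED_VERSION):
    """Compare versions numerically, so 4.10.0 is correctly newer than 4.2.7."""
    def as_tuple(version):
        return tuple(int(n) for n in re.findall(r"\d+", version))
    return as_tuple(installed) < as_tuple(fixed)


# Constructed sample rows (post_id, meta_key, meta_value); the meta_key names are hypothetical.
SAMPLE_ROWS = [
    (101, "example_popup_js", "var u='//" + refang(DEFANGED_IOCS[0]).upper() + "/';"),
    (102, "example_popup_css", "body{color:#333}"),
    (103, "example_popup_js", None),
    (104, "example_popup_js", b"var h='" + refang(DEFANGED_IOCS[1]).encode() + b"';"),
]

if __name__ == "__main__":
    for post_id, meta_key, domains in find_injected_rows(SAMPLE_ROWS):
        print(f"post {post_id} / {meta_key}: {', '.join(domains)}")
    print("4.2.3 outdated:", is_outdated("4.2.3"))
```

A row flagged here points to the post whose popup settings need to be reviewed and cleaned in the plugin's custom sections.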