Lucene search
HiveForce LabsHIVEPRO:E9DB45127DF1CB96E94F01C8CD38CF29HistoryOct 14, 2023 - 12:27 p.m.
Balada Injector A Large-Scale Malware Campaign Targeting WordPress
2023-10-1412:27:23
HiveForce Labs
www.hivepro.com
24
balada injector
malware
wordpress
tagdiv composer
vulnerability
xss
hiveforce labs
EPSS
0.001
Percentile
42.2%
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In September 2023, over 17,000 WordPress websites fell victim to a malware called Balada Injector. The substantial surge in attacks is linked to the exploitation of a recently disclosed security vulnerability found in the tagDiv Composer plugin (CVE-2023-3169). This specific vulnerability allows unauthenticated users to execute stored cross-site scripting (XSS) attacks on vulnerable websites. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.
Related
thn
thn
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
2023-10-11 12:41:00
vulnrichment
vulnrichment
CVE-2023-3169 tagDiv Composer < 4.2 - Unauthenticated Stored XSS
2023-09-11 19:46:07
prion
prion
Cross site scripting
2023-09-11 20:15:00
wpvulndb
wpvulndb
tagDiv Composer < 4.2 - Unauthenticated Stored XSS
2023-08-17 00:00:00
cvelist
cvelist
CVE-2023-3169 tagDiv Composer < 4.2 - Unauthenticated Stored XSS
2023-09-11 19:46:07
wpexploit
wpexploit
tagDiv Composer < 4.2 - Unauthenticated Stored XSS
2023-08-17 00:00:00
nvd
nvd
CVE-2023-3169
2023-09-11 20:15:09
cve
cve
CVE-2023-3169
2023-09-11 20:15:09
wordfence
wordfence