7 matches found
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. "These attacks are orchestrated from domains less than ...
Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws in WordPress...
CVE-2023-6000
creationtimestamp| type| source ---|---|--- 2024-01-01 16:26:19+00:00| seen| https://t.me/ctinow/161360 2024-01-02 01:30:50+00:00| seen| https://t.me/cibsecurity/74087 2024-01-08 19:16:34+00:00| seen| https://t.me/ctinow/164559 2024-01-14 11:41:42+00:00| seen| https://t.me/ctinow/168003 2024-01-1...
CVE-2023-6000 Popup Builder < 4.2.3 - Unauthenticated Stored XSS
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...
CVE-2023-6000 Popup Builder < 4.2.3 - Unauthenticated Stored XSS
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...
CVE-2023-6000
CVE-2023-6000 concerns the WordPress plugin Popup Builder (versions before 4.2.3). The issue is an unauthenticated Stored XSS: attackers can update existing popups and inject raw JavaScript, which executes in users’ browsers. The vulnerability stems from insufficient input validation when saving/...
WordPress Popup Builder Plugin < 4.2.3 is vulnerable to Cross Site Scripting (XSS)
Software Popup Builder Type Plugin Vulnerable versions 4.2.3 Fixed in 4.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6000 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 14212aacf7f9 Credits Marc Montpas Required...