Lucene search
K

7 matches found

The Hacker News
The Hacker News
added 2024/03/12 9:15 a.m.87 views

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. "These attacks are orchestrated from domains less than ...

9.8CVSS7.2AI score0.89431EPSS
Exploits12
The Hacker News
The Hacker News
added 2024/01/15 7:45 a.m.59 views

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws in WordPress...

6.1CVSS6.7AI score0.01999EPSS
Exploits4
Circl
Circl
added 2024/01/01 4:26 p.m.7 views

CVE-2023-6000

creationtimestamp| type| source ---|---|--- 2024-01-01 16:26:19+00:00| seen| https://t.me/ctinow/161360 2024-01-02 01:30:50+00:00| seen| https://t.me/cibsecurity/74087 2024-01-08 19:16:34+00:00| seen| https://t.me/ctinow/164559 2024-01-14 11:41:42+00:00| seen| https://t.me/ctinow/168003 2024-01-1...

6.1CVSS7.5AI score0.01999EPSS
Exploits4References6
Vulnrichment
Vulnrichment
added 2024/01/01 2:18 p.m.6 views

CVE-2023-6000 Popup Builder < 4.2.3 - Unauthenticated Stored XSS

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...

6.3AI score0.01999EPSS
Exploits4References2
Cvelist
Cvelist
added 2024/01/01 2:18 p.m.34 views

CVE-2023-6000 Popup Builder < 4.2.3 - Unauthenticated Stored XSS

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks...

6AI score0.01999EPSS
Exploits4References2
CVE
CVE
added 2024/01/01 2:18 p.m.231 views

CVE-2023-6000

CVE-2023-6000 concerns the WordPress plugin Popup Builder (versions before 4.2.3). The issue is an unauthenticated Stored XSS: attackers can update existing popups and inject raw JavaScript, which executes in users’ browsers. The vulnerability stems from insufficient input validation when saving/...

6.1CVSS6.2AI score0.01999EPSS
Exploits4References2Affected Software1
Patchstack
Patchstack
added 2023/12/12 12:0 a.m.20 views

WordPress Popup Builder Plugin < 4.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions 4.2.3 Fixed in 4.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6000 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 14212aacf7f9 Credits Marc Montpas Required...

6.1CVSS5.8AI score0.01999EPSS
Exploits4References4Affected Software1
Rows per page
Query Builder