back to top

Over 3,000 WordPress Websites Compromised Due to Delayed Vulnerability Patching

More than 3,000 WordPress-operated websites were compromised due to failing to update a recognized vulnerability swiftly enough, according to a report from cybersecurity researchers Sucuri and PublicWWW.

Sucuri states that during the past few weeks, unnamed malicious actors were exploiting a vulnerability identified as CVE-2023-6000 to divert individuals to harmful websites. This vulnerability, described as cross-site scripting (XSS) weakness, was uncovered in Popup Builder version 4.2.3 and earlier, in November of the previous year.

Popup Builder is a well-liked extension for WordPress websites which, as its name implies, enables website administrators to construct and release popup windows. According to WordPress statistics, there are over 80,000 websites currently utilizing Popup Builder 4.1 and previous versions. These outdated editions, vulnerable to an exploit, enable malicious actors to introduce harmful code within the WordPress website.

Over 3,000 WordPress Websites Compromised Due to Delayed Vulnerability Patching

This script, the researchers elucidate, can reroute visitors to harmful websites, such as fraudulent sites, pages housing malware, and others.

Sucuri asserts that 1,170 websites have been compromised via this glitch in the past few weeks, while PublicWWW estimates the number at approximately 3,300.

To safeguard against these assailants, website administrators can take some measures: Initially – they can (and ought to) update their extensions. Popup Builder rectified the weakness in version 4.2.7.

Website administrators should also scrutinize their site’s code for malevolent entries from the extension’s personalized sections. Additionally, they should inspect for concealed backdoors to thwart the assailants from re-entering. Lastly, they should bar “ttincoming.traveltraffic[.]cc” and “host. cloudsonicwave[.]com” domains, as that is where the attacks originate.

Assaults against WordPress extensions and templates are nothing novel. As WordPress is generally deemed a secure web hosting and design platform, malevolent actors usually seek vulnerabilities in third-party augmentations.

More like this