
Over 17,000 WordPress sites hacked in Balada Injector attacks last month
2023-10-09 19:23

Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites using known flaws in premium theme plugins.

Balada Injector is a massive operation discovered in December 2022 by Dr. Web, which has been leveraging various exploits for known WordPress plugin and theme flaws to inject a Linux backdoor.

In April 2023, Sucuri reported that Balada Injector has been active since 2017 and estimated that it had compromised nearly one million WordPress sites.

These attacks align with a campaign shared with BleepingComputer in late September when admins reported on Reddit that numerous WordPress sites were infected with a malicious plugin called wp-zexit.

In general, Sucuri says it detected Balada Injector on over 17,000 WordPress sites in September 2023, with more than half of those infections achieved by exploiting CVE-2023-3169.

Sucuri's free-to-access scanner detects most Balada Injector variants, so you may want to use it to scan your WordPress install for compromise.


News URL

https://www.bleepingcomputer.com/news/security/over-17-000-wordpress-sites-hacked-in-balada-injector-attacks-last-month/

Related Vulnerability

Date: 2023-09-11
CVE: CVE-2023-3169
Vulnerability title: Unspecified vulnerability in Tagdiv Composer
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.
Risk: network, low complexity, tagdiv, 6.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 95 44 18 159