Global CyberSecurity

Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins

0

Published on 10/06/2023 – Last Updated on 10/07/2023 by OTC

In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin for the popular tagDiv premium themes Newspaper and Newsmag). Shortly after that, we started noticing new waves of Balada malware injections on websites that were actively using tagDiv themes.

This is not the first time that the Balada Injector gang has targeted vulnerabilities in tagDivโ€™s premium themes. One of the earliest massive malware injections that we could attribute to this campaign took place during the summer of 2017, where disclosed security bugs in Newspaper and Newsmag WordPress themes were actively abused.

Continue reading Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins at Sucuri Blog.

Slovenian Strix company develops first stealth & waterproof electric e-motorbike for Special Forces

Previous article

Password Security & Password Managers

Next article

You may also like

Comments

Comments are closed.