WordPress Woes: Popup Builder Plugin Vulnerability Infects Thousands of Sites!

Say goodbye to peace of mind if your WordPress site’s Popup Builder is as outdated as your high school hairstyle. Over 3,300 websites are now malware motels, all thanks to a sneaky XSS vulnerability. Patch up, or play host to the web’s worst. #WordPressSecurity #PopupBuilderPanic

Hot Take:

Well, well, well, if it isn’t our old friend, the “I’ll do it tomorrow” syndrome hitting WordPress site admins right in the vulnerabilities. Who would’ve thought that not updating your plugins could lead to a cyber fiasco? Oh wait, that’s right, everyone. And yet, here we are, watching Popup Builder turn into Popup Invader. Let’s pop into the details faster than you can say, “Update available!”

Key Points:

  • Old versions of Popup Builder plugin are like candy for hackers: sweet, easy to snatch, and over 3,300 WordPress sites got a taste of the toothache.
  • “Hey, click me!” said the XSS vulnerability, CVE-2023-6000, to the Balada Injector campaign, leading to a digital masquerade of over 6,700 websites.
  • Sucuri is waving red flags about a new hacking campaign, proving that procrastination in updates is the best friend of cyber mischief.
  • Malicious code in these attacks is like a ninja, hiding in the ‘wp_postmeta’ database table and jumping out during popup events.
  • If Popup Builder is your plugin of choice, it’s time to evolve to version 4.2.7 or risk turning your website into a redirect carnival.

CVE record:

  • Title: Popup Builder < 4.2.3 - Unauthenticated Stored XSS
  • CVE ID: CVE-2023-6000
  • CVE state: PUBLISHED
  • CVE assigner short name: WPScan
  • CVE date updated: 01/01/2024
  • CVE description: The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.

Need to know more?

Popup Builder Goes Rogue

Imagine a world where your friendly neighborhood Popup Builder decides to join the dark side. That's essentially what's happening to WordPress sites that haven't updated their plugins since the last time bell-bottoms were in fashion. The CVE-2023-6000 vulnerability in versions 4.2.3 and below has become a VIP pass for hackers, and they're RSVPing 'Yes' to the chaos party in droves, with 3,329 sites currently serving up a side of malware with their content.

Malware Masquerade Ball

These cybercriminals aren't just content with crashing the party; they're doing the tango with your Popup Builder events. Whenever a popup, well, pops up, the malicious code gets its groove on, leading unsuspecting visitors down a path of phishing pages and malware-dropping soirees. And just when you thought it couldn't get worse, they've got redirects hidden up their sleeves, whisking users away to their nefarious sites faster than you can say "Where am I?"

Block Party

Now, don't think it's all doom and gloom. Our cybersecurity heroes at Sucuri have pinpointed the attack's origin to a couple of shady domains. Pull up your cyber drawbridges and block "ttincoming.traveltraffic[.]cc" and "host.cloudsonicwave[.]com" to keep the party crashers at bay. But the real MVP move? Just update your Popup Builder plugin to version 4.2.7, and you can dance the night away, worry-free.

Updating: Not Just a Recommendation Anymore

Let's face it, we all know that one person who never updates their software. But if you're in charge of a WordPress site and you're that person, you're basically rolling out the red carpet for hackers. With over 80,000 sites still using the Popup Builder equivalent of a flip phone, the potential for digital disaster is like a ticking time bomb. So, if you want to avoid turning your website into a hacker's paradise, hit that update button like it's the "Next Episode" on your favorite binge-worthy series.

Post-Infection Cleanup

In the unfortunate event that your site has already been turned into a zombie in this digital apocalypse, fear not. Cleaning up the infection is like a game of Whack-a-Mole, involving deleting those nasty entries and scanning for any backdoors that the hackers left behind. Think of it as digital pest control, ensuring your site is bug-free and ready to welcome visitors without any unpleasant surprises.
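
One way to locate the entries to review, as an added example that is not from the original article or from Sucuri: it searches a `wp_postmeta` table for the two domains named above. Assumptions: an in-memory SQLite database stands in for the site's MySQL database, the table uses the default `wp_` prefix, the popup `meta_key` names and all rows are constructed placeholders, and only literal occurrences of the domains are matched.

```python
import re
import sqlite3

# Indicator domains exactly as the article gives them (defanged).
IOC_DOMAINS = ["ttincoming.traveltraffic[.]cc", "host.cloudsonicwave[.]com"]


def refang(domain):
    """Turn 'example[.]com' back into 'example.com' for matching only."""
    return domain.replace("[.]", ".")


def find_suspect_postmeta(conn, table="wp_postmeta"):
    """Return (meta_id, post_id, meta_key, defanged_domain) for matching rows."""
    # The table prefix is site-specific, so validate it before interpolating.
    if not re.fullmatch(r"[A-Za-z0-9_]+", table):
        raise ValueError("unexpected table name")
    query = (f"SELECT meta_id, post_id, meta_key FROM {table} "
             "WHERE instr(lower(meta_value), ?) > 0")
    hits = []
    for ioc in IOC_DOMAINS:
        for row in conn.execute(query, (refang(ioc).lower(),)):
            hits.append((*row, ioc))  # report the defanged form
    return sorted(hits)


def build_sample_db():
    """Constructed stand-in for a WordPress database (in-memory SQLite)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_postmeta (meta_id INTEGER PRIMARY KEY, "
                 "post_id INTEGER, meta_key TEXT, meta_value TEXT)")
    d1, d2 = (refang(d) for d in IOC_DOMAINS)
    rows = [  # all rows are constructed; meta_key names are placeholders
        (1, 10, "_edit_lock", "1700000000:1"),
        (2, 42, "constructed_popup_js", f'<script src="//{d1}/x.js"></script>'),
        (3, 42, "constructed_popup_opts", 'a:1:{s:5:"width";s:3:"640";}'),
        (4, 57, "constructed_popup_js", f"/* constructed */ var u = 'https://{d2.upper()}/';"),
    ]
    conn.executemany("INSERT INTO wp_postmeta VALUES (?, ?, ?, ?)", rows)
    return conn


if __name__ == "__main__":
    for meta_id, post_id, key, ioc in find_suspect_postmeta(build_sample_db()):
        print(f"meta_id={meta_id} post_id={post_id} key={key} matched={ioc}")
```

On a live site the same SELECT can be run against the MySQL `wp_postmeta` table, and each hit gives the `meta_id` to inspect before deleting anything.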
