You Should Probably Update Your WordPress Site
While it is always (always!) a best practice to keep your websites up to date with the latest maintenance and security patches, you should make sure your site is updated promptly after a major documented security breach. And if you're a client of ours under maintenance, don't worry: your site was already taken care of as part of our maintenance services.
A critical security flaw was recently uncovered in the TagDiv Composer plugin, which ships with popular WordPress themes such as Newspaper and Newsmag. The vulnerability, tracked as CVE-2023-3169, allowed malicious actors to carry out stored cross-site scripting (XSS) attacks, in which harmful script is saved into the site's own data and served to every visitor who loads the affected page. The good news is that this vulnerability has been fixed in TagDiv Composer version 4.2.
The operators of the Balada Injector campaign, a long-running malware operation well known to the security community, were found to be exploiting this flaw. The group is notorious for redirecting website visitors to fake tech support portals, fraudulent lottery schemes, and other malicious websites. Troublingly, the campaign has been active since 2017, and the web security firm Sucuri estimates that over a million WordPress sites had already fallen victim to it even before the recent incidents came to light.
In the most recent wave of attacks, Sucuri reported that more than 17,000 websites were infected with Balada Injector malware. What’s particularly concerning is that approximately 9,000 of these infections were directly linked to the exploitation of the TagDiv plugin vulnerability. Attackers employed a sophisticated approach, utilizing CVE-2023-3169 to implant malicious code directly into the WordPress database, ensuring its presence on every public page of the targeted website.
Moreover, once the attackers gained initial access to a site, they typically executed multiple malicious activities, such as uploading backdoors, integrating malicious plugins, and establishing admin accounts. These actions allowed them to expand their control over the compromised sites and maintain persistent access.
In response to these threats, Sucuri has provided a detailed blog post outlining technical details and indicators of compromise (IoCs) that can aid website owners in identifying whether their WordPress sites have been targeted by the Balada Injector campaign. Furthermore, they’ve shared valuable recommendations for enhancing website security to mitigate the risks associated with such attacks. This recent incident serves as a stark reminder of the ongoing challenges in safeguarding WordPress websites against evolving cyber threats.
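The paragraphs above describe three things a site owner can actually check for: whether the installed TagDiv Composer is older than the fixed 4.2 release, whether script has been injected into stored content (posts or options), and whether admin accounts have appeared that the owner did not create. The following script is an added example of such an audit; it is not code from this article, from Sucuri, or from TagDiv. It assumes the plugin lives at `wp-content/plugins/td-composer/td-composer.php` with a standard WordPress `Version:` plugin header, and its injection heuristics (external script includes, obfuscated inline JavaScript) are generic; they are not Sucuri's published indicators of compromise, which the article does not reproduce. All sample rows, hostnames and user names are constructed for illustration.

```python
"""Defender-side audit helpers for the TagDiv Composer (CVE-2023-3169) issue.

Added example, not the article's or Sucuri's code. Assumed: plugin slug
'td-composer', a standard 'Version:' plugin header, fix released in 4.2.
All sample data in this file is constructed.
"""
import re
from pathlib import Path
from urllib.parse import urlparse

FIXED_VERSION = (4, 2)               # release containing the fix, per the article
PLUGIN_FILE = Path("td-composer") / "td-composer.php"   # assumed plugin path


def parse_version(header_text):
    """Read the 'Version:' line of a WordPress plugin header as an int tuple."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).rstrip(".").split("."))


def installed_version(plugins_root):
    """Version of td-composer under wp-content/plugins, or None if absent."""
    path = Path(plugins_root) / PLUGIN_FILE
    if not path.is_file():
        return None
    return parse_version(path.read_text(errors="replace"))


def is_vulnerable(version):
    """True when the installed version predates the fixed release.
    An unreadable version is treated as needing attention."""
    if version is None:
        return True
    return version < FIXED_VERSION


# Generic stored-XSS heuristics for post_content / option_value text:
# a <script src> pointing off-site, or inline JS built from eval/atob/charcodes.
SCRIPT_SRC = re.compile(r"<script[^>]*\ssrc\s*=\s*[\"']([^\"']+)", re.IGNORECASE)
INLINE_SUSPECT = re.compile(
    r"<script[^>]*>[^<]*(?:eval\(|String\.fromCharCode|atob\()", re.IGNORECASE)


def scan_rows(rows, allowed_hosts):
    """rows: iterable of (row_id, text) from wp_posts or wp_options.
    Returns [(row_id, reason)] for rows that deserve a manual look."""
    findings = []
    for row_id, text in rows:
        for src in SCRIPT_SRC.findall(text):
            # relative paths have no host and are skipped; '//host/x.js' is parsed
            host = urlparse(src if "//" in src else "//" + src).hostname or ""
            if host and host not in allowed_hosts:
                findings.append((row_id, f"external script: {host}"))
        if INLINE_SUSPECT.search(text):
            findings.append((row_id, "obfuscated inline script"))
    return findings


def unexpected_admins(admin_logins, known_admins):
    """Administrator logins the site owner does not recognise."""
    return sorted(set(admin_logins) - set(known_admins))


# Constructed sample data standing in for database rows and a user listing.
SAMPLE_ROWS = [
    (1, '<p>Hello</p><script src="/wp-includes/js/jquery/jquery.min.js"></script>'),
    (2, '<p>News</p><script src="//cdn.constructed-example.invalid/inject.js"></script>'),
    (3, "<script>eval(String.fromCharCode(118,97,114));</script>"),
    (4, "<p>Clean post with no scripts</p>"),
]
ALLOWED_HOSTS = {"www.example.com"}          # the site's own host(s), constructed
SAMPLE_ADMINS = ["admin", "editor-bob", "wp_sys_update"]   # constructed logins
KNOWN_ADMINS = ["admin", "editor-bob"]

if __name__ == "__main__":
    ver = installed_version("wp-content/plugins")
    print("td-composer version:", ver, "vulnerable:", is_vulnerable(ver))
    for row_id, reason in scan_rows(SAMPLE_ROWS, ALLOWED_HOSTS):
        print(f"row {row_id}: {reason}")
    print("unexpected admins:", unexpected_admins(SAMPLE_ADMINS, KNOWN_ADMINS))
```

On a real site, `SAMPLE_ROWS` would be replaced by a query over `wp_posts.post_content` and `wp_options.option_value`, and the admin list by the output of `wp user list --role=administrator`; a hit from `scan_rows` is a prompt to inspect the row, not proof of compromise, and a clean scan does not replace the update itself or Sucuri's published indicators.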
If you require assistance in updating or securing your WordPress website, don’t hesitate to reach out to us. Our expert WordPress developers are available to ensure that your site is fortified against the ever-evolving landscape of online security threats. Stay vigilant and stay safe!