
Thousands of WordPress websites have fallen victim to a hack on the tagDiv plug-in. Hackers infected this plug-in with the Balada Injector.

155,000 WordPress websites use the hacked plug-in, according to figures from EnvatoMarkets. The plug-in in question is necessary to obtain two WordPress themes, Newspaper and Newsmag.

Version 4.2 is safe

The vulnerability allows hackers to run malicious code inside WordPress sites. More specifically, it is a cross-site scripting (XSS) vulnerability.

Following the announcement of vulnerability CVE-2023-3169, a patch has already been released for the plug-in. However, hackers can still exploit the vulnerability on any website that is still running an old version of the plug-in. Version 4.1 of tagDiv partially fixes the problem, and only version 4.2 is completely secure.

Redirects to scam sites

Last month, at least 17,000 sites fell prey to Balada, according to figures from security specialist Sucuri. Through the vulnerability, hackers run scripts that keep visitors from reaching the website they want to visit. Instead, Balada redirects visitors to scam sites, such as fake reports about winning the lottery or websites that try to trick users into signing up for a newsletter.

The Balada Injector is not new malware. Sucuri has been monitoring its activities since 2017 and has seen more than one million websites infected over the past six years. Because of this long history, the hackers’ patterns are already familiar: “Balada Injector hackers always strive for continuous control of infected sites by uploading backdoors, adding malicious plug-ins and creating rogue blog administrators.”

Websites using the tagDiv plug-in are asked to review site and event logs for signs of infection. If a malicious script is found, it is important to check the admin accounts. After all, hackers create a fake account to inject the script and continue to use this account once they notice the script has been removed.
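The check described above can be scripted. The following is an added example, not code from Sucuri or tagDiv: it classifies an installed plug-in version against the 4.1 and 4.2 thresholds mentioned in this article and flags administrator accounts that deserve a manual look. The CSV is a constructed sample in the shape WP-CLI produces, and the allowlist and review-window date are assumptions a site owner would replace with their own.

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample, in the shape produced by:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=csv
SAMPLE_ADMINS_CSV = """ID,user_login,user_email,user_registered
1,editor-in-chief,eic@example.org,2019-03-11 09:14:02
7,webmaster,web@example.org,2021-06-30 16:45:10
42,wp_support_2,support@example.net,2023-09-18 03:12:55
"""

# Assumption: the administrators the site owner knows to be legitimate.
KNOWN_ADMINS = {"editor-in-chief", "webmaster"}


def plugin_status(version):
    """Classify a plug-in version using the thresholds given in the article."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    if parts >= (4, 2):
        return "fixed"
    if parts >= (4, 1):
        return "partially fixed"
    return "vulnerable"


def audit_admins(csv_text, known_admins, window_start):
    """Return (login, reasons) for every administrator that needs review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        if row["user_login"] not in known_admins:
            reasons.append("not on allowlist")
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= window_start:
            reasons.append("created inside review window")
        if reasons:
            findings.append((row["user_login"], reasons))
    return findings


if __name__ == "__main__":
    print("plug-in 4.1 is", plugin_status("4.1"))
    # Assumption: the review window starts on the date the site owner picks.
    for login, reasons in audit_admins(SAMPLE_ADMINS_CSV, KNOWN_ADMINS, datetime(2023, 9, 1)):
        print(f"review {login}: {', '.join(reasons)}")
```

Because the attackers come back through the rogue account after a cleanup, the audit is worth repeating after the malicious script has been removed, not only when it is first found.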
