Over 3,300 Sites Infected by Hackers Exploiting Popup Builder Plugin Vulnerability

Hackers are exploiting a vulnerability in outdated versions of the Popup Builder WordPress plugin to infect sites with malicious code. Over 3,300 sites infected so far.

The attacks exploit a cross-site scripting flaw tracked as CVE-2023-6000 impacting Popup Builder versions 4.2.3 and older.

Injected malicious code acts as event handlers for Popup Builder plugin events, redirecting visitors to phishing and malware sites.

Variants retrieve external snippets injecting additional malicious code capable of more severe actions than just redirections.

Sites should upgrade Popup Builder to v4.2.7, delete custom injections, and scan for backdoors. At least 80,000 active WordPress sites remain vulnerable.