Recently, a vulnerability in the TagDiv Composer plugin associated with Newspaper and Newsmag themes has been exploited to hack thousands of WordPress sites as part of the Balada Injector campaign. The vulnerability, known as CVE-2023-3169, allows for stored cross-site scripting (XSS) attacks. The Balada Injector threat group has been active for many years and typically redirects website visitors to fake tech support and scam sites. Sucuri has identified over 17,000 infected websites, with 9,000 related to the TagDiv plugin vulnerability. It's important for WordPress site owners to protect against these attacks. #WordPress #TagDiv #vulnerability #cybersecurity #hacking

https://www.securityweek.com/recently-patched-tagdiv-plugin-flaw-exploited-to-hack-thousands-of-wordpress-sites/