Hundreds of WordPress websites have been hacked by way of tagDiv plugin vulnerability

Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

Enlarge (credit score: Getty Photographs)

Hundreds of websites working the WordPress content material administration system have been hacked by a prolific menace actor that exploited a just lately patched vulnerability in a broadly used plugin.

The weak plugin, referred to as tagDiv Composer, is a compulsory requirement for utilizing two WordPress themes: Newspaper and Newsmag. The themes can be found by way of the Theme Forest and Envato marketplaces and have greater than 155,000 downloads.

Tracked as CVE-2023-3169, the vulnerability is what’s referred to as a cross-site scripting (XSS) flaw that permits hackers to inject malicious code into webpages. Found by Vietnamese researcher Truoc Phan, the vulnerability carries a severity ranking of seven.1 out of a attainable 10. It was partially mounted in tagDiv Composer model 4.1 and totally patched in 4.2.

Learn eight remaining paragraphs | Feedback

Leave a Reply

Your email address will not be published. Required fields are marked *