Hundreds of websites working the WordPress content material administration system have been hacked by a prolific menace actor that exploited a just lately patched vulnerability in a broadly used plugin.
The weak plugin, referred to as tagDiv Composer, is a compulsory requirement for utilizing two WordPress themes: Newspaper and Newsmag. The themes can be found by way of the Theme Forest and Envato marketplaces and have greater than 155,000 downloads.
Tracked as CVE-2023-3169, the vulnerability is what’s referred to as a cross-site scripting (XSS) flaw that permits hackers to inject malicious code into webpages. Found by Vietnamese researcher Truoc Phan, the vulnerability carries a severity ranking of seven.1 out of a attainable 10. It was partially mounted in tagDiv Composer model 4.1 and totally patched in 4.2.
Learn eight remaining paragraphs | Feedback