Balada Injector A Large-Scale Malware Campaign Targeting WordPress

Threat Level – Red | Vulnerability Report
Download PDF

In September 2023, over 17,000 WordPress websites fell victim to a malware called Balada Injector. The substantial surge in attacks is linked to the exploitation of a recently disclosed security vulnerability found in the tagDiv Composer plugin (CVE-2023-3169). This specific vulnerability allows unauthenticated users to execute stored cross-site scripting (XSS) attacks on vulnerable websites.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox