We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

WordPress Popup Plugin Exploited, Infecting 3900 Sites

By Keira Waddell, Former Senior Writer. Published on 12th March 2024.

Over 3,300 WordPress websites have been compromised through vulnerabilities in the Popup Builder plugin. Security researchers at Sucuri have identified the flaw, CVE-2023-6000, in versions 4.2.3 and older of the plugin. Its exploitation has led to a surge in malicious activity across the internet.

The vulnerability allows for cross-site scripting (XSS) attacks, wherein attackers can inject malicious JavaScript into the websites' popups. This flaw was first disclosed in November 2023 but has since seen an alarming rate of exploitation. Despite warnings and the availability of updates to patch the vulnerability, many site administrators have not taken timely action, leading to the compromise.

The attacks have been sophisticated, with hackers injecting code into the Custom JavaScript or CSS sections of the WordPress admin interface. This code acts as event handlers for various stages of the popup display process, executing malicious scripts that can redirect visitors to phishing sites or other malicious destinations. PublicWWW data revealed that code injections linked to this campaign can be found on 3926 websites at the time of writing.

Attackers have been using domains registered as recently as February 2024, such as “ttincoming.traveltraffic[.]cc” and “host.cloudsonicwave[.]com,” to orchestrate their campaigns.

Security experts are urging WordPress site administrators to take immediate action to secure their sites. This includes updating the Popup Builder plugin to the latest version, which addresses CVE-2023-6000 and other security issues. Furthermore, site administrators are advised to thoroughly scan their sites for malicious injections and hidden backdoors.

As the attacks originate from identifiable domains, blocking these has been recommended as a temporary measure. However, the broader solution lies in heightened vigilance and prompt application of security updates.
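The scan for injections recommended above can start with the two campaign domains. The following is an added example, not code from Sucuri or the plugin: it assumes the popups' Custom JavaScript and CSS fields have been exported as text (the snippet names and sample contents are constructed), and it goes beyond the article by also matching base64-encoded copies of each domain.

```python
import base64

# Domains named in the article, kept defanged exactly as printed there.
DEFANGED_IOCS = ["ttincoming.traveltraffic[.]cc", "host.cloudsonicwave[.]com"]


def refang(indicator):
    """Undo the [.] defanging so the indicator can be matched."""
    return indicator.replace("[.]", ".")


def base64_fragments(value):
    """Base64 substrings that must appear when `value` sits at any byte
    offset inside a larger base64-encoded string (three alignments)."""
    raw = value.encode()
    fragments = []
    for pad in range(3):
        encoded = base64.b64encode(b"\x00" * pad + raw).decode()
        start = (8 * pad + 5) // 6        # chars tainted by the padding bytes
        end = 8 * (pad + len(raw)) // 6   # chars fully determined by `value`
        fragments.append(encoded[start:end])
    return fragments


def scan_snippets(snippets, defanged_iocs=DEFANGED_IOCS):
    """Return sorted (snippet_name, defanged_domain, encoding) hits."""
    hits = set()
    for name, text in snippets.items():
        for ioc in defanged_iocs:
            domain = refang(ioc)
            if domain in text.lower():    # hostnames are case-insensitive
                hits.add((name, ioc, "plain"))
            if any(frag in text for frag in base64_fragments(domain)):
                hits.add((name, ioc, "base64"))
    return sorted(hits)


# Constructed sample input: stand-ins for exported popup Custom JS/CSS fields.
_encoded = base64.b64encode(b"//host.cloudsonicwave.com/a.js").decode()
SAMPLE_SNIPPETS = {
    "popup-101-custom-js": "console.log('newsletter popup opened');",
    "popup-102-custom-js": "var s='//TTincoming.TravelTraffic.cc/t.js';",
    "popup-103-custom-js": "var u='" + _encoded + "';",
}

if __name__ == "__main__":
    for hit in scan_snippets(SAMPLE_SNIPPETS):
        print(hit)
```

A hit only locates one injected snippet; the plugin update and the wider search for backdoors described above are still needed.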

About the Author

Keira was a senior writer at vpnMentor. She is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.
