Thousands of WordPress Sites with Popup Builder Plugin Compromised by Balada Injector
Thousands of WordPress Sites with Popup Builder Plugin Compromised by Balada Injector
11 January 2024
A stored XSS flaw in the Popup Builder WordPress plugin has been exploited by the Balada Injector campaign. The campaign injects malicious code into websites using older versions of the plugin, with over 6,200 sites currently affected.