CVE-2023-6000

Vulnerability updated 6 months ago (2024-05-04T19:34:18.936Z)
CVE-2023-6000 is a Cross-Site Scripting (XSS) vulnerability in older versions of the Popup Builder WordPress plugin, and it has been exploited by the Balada Injector malware. On sites where the flaw remains unpatched, attackers can inject malicious code into the plugin's "Custom JS or CSS" sections. With a CVSS score of 8.8, the vulnerability poses a high risk to affected systems.

The Balada Injector campaign began exploiting this vulnerability on December 13th, targeting outdated versions of the Popup Builder plugin (versions below 4.2.3). Sucuri researchers reported in January that over 7100 WordPress sites had been infected by Balada Injector through this vulnerability.

The scale of the campaign underscores the need for prompt patching. To prevent further infections, users should update the Popup Builder plugin to version 4.2.3 or later, which eliminates the known vulnerability.
Description last updated: 2024-05-04T17:12:49.238Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Injector
Wordpress
Malware
Associated Malware
Alias Description | Association Type | Votes
The Balada Malware is associated with CVE-2023-6000. Balada is a malicious software (malware) involved in an extensive ongoing campaign, primarily targeting vulnerabilities in WordPress plugins and themes. During the first half of 2023, SiteCheck detected a total of 60,697 obfuscated script injections attributed to Balada Injector, accounting for 15.6 | Unspecified | 4
The Balada Injector Malware is associated with CVE-2023-6000. Balada Injector is a malicious software known for stealing information from wp-config.php files, primarily targeting WordPress websites. Active since 2017, this malware has been notorious for exploiting vulnerabilities in various WordPress themes and plugins to infiltrate systems. A significant wave | Unspecified | 4
Source Document References
Information about the CVE-2023-6000 Vulnerability was read from the documents corpus below.