CVE-2023-6000

Vulnerability updated 4 months ago (2024-05-04T19:34:18.936Z)
CVE-2023-6000 is a significant software vulnerability found in older versions of the Popup Builder WordPress plugin, which has been exploited by the Balada Injector malware. This flaw, identified as an unpatched Cross-Site Scripting (XSS) vulnerability, allows attackers to inject malicious code into the "Custom JS or CSS" sections of vulnerable websites. With a CVSS score of 8.8, this vulnerability poses a high risk to affected systems.

The Balada Injector malware campaign began exploiting this vulnerability on December 13th, targeting outdated versions of the Popup Builder plugin (versions below 4.2.3). Sucuri researchers reported in January that over 7100 WordPress sites had been infected by the Balada Injector malware due to this vulnerability. The malware's widespread impact underscores the critical need for prompt patching and updates of the Popup Builder plugin to mitigate the threat.

In conclusion, CVE-2023-6000 is a severe XSS vulnerability in the Popup Builder WordPress plugin that has been widely exploited by the Balada Injector malware. As of January, thousands of WordPress sites have fallen victim to this malware due to the exploitation of this vulnerability. To prevent further infections, it is imperative that users update their Popup Builder plugins to versions beyond 4.2.3, thereby eliminating the known vulnerability.
Description last updated: 2024-05-04T17:12:49.238Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Injector
Wordpress
Malware
Associated Malware
ID | Type | Votes | Profile Description
Balada | Unspecified | 4 | Balada is a malicious software (malware) involved in an extensive ongoing campaign, primarily targeting vulnerabilities in WordPress plugins and themes. During the first half of 2023, SiteCheck detected a total of 60,697 obfuscated script injections attributed to Balada Injector, accounting for 15.6
Balada Injector | Unspecified | 4 | Balada Injector is a malicious software known for stealing information from wp-config.php files, primarily targeting WordPress websites. Active since 2017, this malware has been notorious for exploiting vulnerabilities in various WordPress themes and plugins to infiltrate systems. A significant wave
Source Document References
Information about the CVE-2023-6000 Vulnerability was read from the documents corpus below.
Source (created): Title
- Securityaffairs (8 months ago): Balada Injector continues to infect thousands of WordPress sites
- CERT-EU (6 months ago): Hackers Exploit Vulnerability in Popup Builder Plugin for WordPress
- CERT-EU (6 months ago): Hackers Compromised 3,300 Websites using Plug-in Vulnerability | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
- CERT-EU (6 months ago): Thousands of WordPress sites facing malware infection following major plugin hack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
- CERT-EU (6 months ago): WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attack
- CERT-EU (6 months ago): Thousands of WordPress sites compromised via WordPress plugin bug
- Securityaffairs (6 months ago): Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites
- CERT-EU (6 months ago): Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
- Pulsedive (6 months ago): Pulsedive Research: Balada Injector
- CERT-EU (8 months ago): Nearly 7K WordPress Sites Compromised by Balada Injector
- DARKReading (8 months ago): Nearly 7K WordPress Sites Compromised by Balada Injector
- CERT-EU (8 months ago): Thousands of WordPress sites impacted by Balada Injector campaign
- CERT-EU (8 months ago): New Balada Injector campaign infects 6,700 WordPress sites