Balada Injector Targets Unpatched tagDiv Plugin, Themes on WordPress Sites
The article discusses a recent wave of malware injections targeting websites that use the tagDiv Composer plugin with the tagDiv premium themes Newspaper and Newsmag. The attacks exploit an unauthenticated stored XSS vulnerability in the plugin. The article details the different waves of the Balada Injector campaign, including the injected scripts and their functionality. The attackers aim to maintain control over compromised sites by uploading backdoors, adding malicious plugins, and creating rogue administrators. The article also highlights the evolving tactics of the Balada Injector gang and provides mitigation steps.