When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
This is not a brand-new flaw, either, first being discovered by Dr.
Web in December 2022.
The Balada Injector campaign, some researchers believe, has been active since 2017.
The problem is that many site owners didnt apply the fix on time.
“We are aware of these cases.
The malware can affect websites using older theme versions,” tagDiv said.
Also change all the website passwords."
The earliest secure version of tagDiv Composer is 4.2.
As aweb-builder platform, WordPress is generally considered safe.
Its the plugins, such as these two, that threat actors usually scan for flaws and abuse.
ViaBleepingComputer
