Urgent Security Advisory: WordPress Popup Builder Exploitation – Take Immediate Action

Hackers are exploiting a vulnerability (CVE-2023-6000) in outdated versions of the Popup Builder plugin for WordPress, infecting over 3,300 websites. This cross-site scripting (XSS) flaw affects Popup Builder versions 4.2.3 and older, initially disclosed in November 2023. Despite a prior Balada Injector campaign affecting 6,700 websites, a new surge has been observed in the past three weeks, indicating delayed patching by site administrators.

The attacks target the ‘wp_postmeta’ database table, infecting Custom JavaScript or Custom CSS sections in the WordPress admin interface. The injected code serves as event handlers for Popup Builder plugin actions, leading to various outcomes, including redirecting visitors to phishing pages and malware distribution sites.

Sucuri reports 3,329 WordPress sites affected, with 1,170 infections detected by its scanners. Malicious domains include “ttincoming.traveltraffic[.]cc” and “host.cloudsonicwave[.]com,” recommended for blocking.

To defend against these attacks:

  1. Upgrade Popup Builder to the latest version (4.2.7), addressing CVE-2023-6000 and other security issues.
  2. Block domains “ttincoming.traveltraffic[.]cc” and “host.cloudsonicwave[.]com.”
  3. For infected sites, remove malicious entries from Popup Builder’s custom sections and scan for hidden backdoors to prevent reinfection.

Considering that over 80,000 active sites still use Popup Builder 4.1 and older, prompt action is crucial to mitigate the risk of further exploitation.

Get In Touch

Share On Social Media

Other Recent Blog Articles

Imagine your business is like a really important house, like a bank or a hospital, filled with valuable information. Keeping it secure from digital “burglars” is crucial!

March 27, 2025

Imagine your business. It’s not just an office or a storefront anymore; it’s a digital vault. Inside reside your most valuable assets: customer data, financial records, intellectual property, and the…

Read More

Breaking Down I.T. with Steve: Is Your Small Business a Hidden Target? The Importance of Vulnerability Scanning

March 21, 2025

This week on “Breaking Down I.T. with Steve,” we’re tackling a critical topic that every small business owner in the Pacific Northwest needs to understand: vulnerability scanning. You might think…

Read More

Bank of America Data Breach: A Wake-Up Call for Third-Party Security

March 19, 2025

Bank of America Corp. (NYSE:BAC) recently issued a warning to a select group of customers regarding a potential data breach, highlighting the ever-present threat of data security vulnerabilities, even within…

Read More