Hackers on WordPress Websites Hacking Spree with Balada Malware

Thousands of WordPress websites have been hacked due to a vulnerability in the tagDiv Composer plugin, tracked as CVE-2023-3169. The flaw allows attackers to inject malicious code, enabling them to upload backdoors, add harmful plugins, and create admin accounts. The issue was detected by Vietnamese researcher Truoc Phan and later fully fixed in version 4.2 of the plugin. Users are advised to update the plugin and remain vigilant for signs of intrusion.