Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

Cyber attackers have exploited a vulnerability in the WordPress plugin, tagDiv Composer, affecting thousands of sites. The hackers take advantage of a cross-site scripting flaw which permits malicious code intrusion. The criminals use this to redirect visitors to scam websites, pushing false notifications and fake lottery wins. Sucuri, a security firm, has tracked the malware campaign, named “Balada”, which since 2017, has compromised over one million websites and doubled in the last month.