![thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-plugin-vulnerability-[ars-technica]](https://i0.wp.com/upmytech.com/wp-content/uploads/2023/10/146369-thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-plugin-vulnerability-ars-technica.jpeg?resize=760%2C380&ssl=1)
Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability [Ars Technica]
Enlarge (credit: Getty Images)
Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin.
The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available through the Theme Forest and Envato marketplaces and have more than 155,000 downloads.
Tracked as CVE-2023-3169, the vulnerability is what’s known as a cross-site scripting (XSS) flaw that allows hackers to inject malicious code into webpages. Discovered by Vietnamese researcher Truoc Phan, the vulnerability carries a severity rating of 7.1 out of a possible 10. It was partially fixed in tagDiv Composer version 4.1 and fully patched in 4.2.
Read 8 remaining paragraphs | Comments