Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability
Enlarge (credit: Getty Images ) Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin. The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available through the Theme Forest and Envato marketplaces and have more than 155,000 downloads. Tracked as CVE-2023-3169, the vulnerability is what’s known as a cross-site scripting (XSS) flaw that allows hackers to inject malicious code into webpages. Discovered by Vietnamese researcher Truoc Phan, the vulnerability [...]