this post was submitted on 10 Oct 2023
178 points (98.9% liked)

Technology

59402 readers
4094 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 7 comments
sorted by: hot top controversial new old
[–] SomethingBurger@jlai.lu 20 points 1 year ago* (last edited 1 year ago)

Theme Forest and Envato marketplaces

Also known as "the places where themes and plugins go when they are so shitty even WordPress.org doesn't want them". Never use anything that comes from these two sites.

[–] wagesj45@kbin.social 12 points 1 year ago

FYI, Publii is really good. It supports importing existing WordPress blogs and has a familiar interface. Great for those that don't need built in comments and can use something like Cactus (if you like Matrix).

[–] autotldr@lemmings.world 12 points 1 year ago

This is the best summary I could come up with:


Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin.

The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag.

Tracked as CVE-2023-3169, the vulnerability is what’s known as a cross-site scripting (XSS) flaw that allows hackers to inject malicious code into webpages.

According to a post authored by security researcher Denis Sinegubko, threat actors are exploiting the vulnerability to inject web scripts that redirect visitors to various scam sites.

The Balada Injector malware campaign performed a series of attacks targeting both the vulnerability in the tagDiv Composer plugin and blog administrators of already infected sites.

Balada Injector hackers always aim for persistent control over compromised sites by uploading backdoors, adding malicious plugins, and creating rogue blog administrators.


The original article contains 675 words, the summary contains 145 words. Saved 79%. I'm a bot and I'm open source!

[–] autotldr@lemmings.world -2 points 1 year ago (1 children)

This is the best summary I could come up with:


Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin.

The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag.

Tracked as CVE-2023-3169, the vulnerability is what’s known as a cross-site scripting (XSS) flaw that allows hackers to inject malicious code into webpages.

According to a post authored by security researcher Denis Sinegubko, threat actors are exploiting the vulnerability to inject web scripts that redirect visitors to various scam sites.

The Balada Injector malware campaign performed a series of attacks targeting both the vulnerability in the tagDiv Composer plugin and blog administrators of already infected sites.

Balada Injector hackers always aim for persistent control over compromised sites by uploading backdoors, adding malicious plugins, and creating rogue blog administrators.


The original article contains 675 words, the summary contains 145 words. Saved 79%. I'm a bot and I'm open source!

[–] tgxn@lemmy.tgxn.net 12 points 1 year ago (1 children)
[–] Appoxo@lemmy.dbzer0.com 7 points 1 year ago (1 children)
[–] tgxn@lemmy.tgxn.net 1 points 1 year ago

Indeed 😊