WordPress plugin vulnerability led to thousands of sites hacked

Always keep your sites updated

MajorLinux - Editor-in-chief
Photo by Negative Space on Pexels.com

A WordPress plugin named “tagDiv Composer” has been linked to thousands of sites being hacked.

The vulnerability is being tracked as CVE-2023-3169 and has already been patched by the developers, but is still being exploited to take advantage of sites that have not updated to the latest plugin.

What makes this a bigger deal is the fact that the plugin is a mandatory plugin for two WordPress themes, Newspaper and Newsmag. These themes are available on the ThemeForest and Envato marketplaces, two popular sites for WordPress themes.

If you’d like more detailed information as to how the vulnerability is exploited, Ars Technica has a great article that goes more in depth.

As always, please make sure anything you have on the web that is public facing is updated as often as possible.

Share This Article
By MajorLinux Editor-in-chief
Marcus Summers is a Linux system administrator by trade. He has been working with Linux for nearly 15 years and has become a fan of open source ideals. He self identifies as a socialist and believes that the world's information should be free for all.
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *