{"id":54062,"date":"2023-10-10T13:48:47","date_gmt":"2023-10-10T13:48:47","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35105\/Thousands-Of-WordPress-Sites-Have-Been-Hacked-Through-tagDiv-Vuln.html"},"modified":"2023-10-10T13:48:47","modified_gmt":"2023-10-10T13:48:47","slug":"thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/","title":{"rendered":"Thousands Of WordPress Sites Have Been Hacked Through tagDiv Vuln"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/07\/scam-website-800x534.jpeg\" alt=\"Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/security\/2023\/10\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-plugin-vulnerability\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">23<\/span> <span class=\"visually-hidden\"> with <\/span> <\/a> <\/aside>\n<p> <!-- cache miss 438:single\/related:e1ea70fd1cbd75c946637c566910a3b3 --><!-- empty --><\/p>\n<p>Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin.<\/p>\n<p>The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: <a href=\"https:\/\/themeforest.net\/item\/newspaper\/5489609\">Newspaper<\/a> and <a href=\"https:\/\/themeforest.net\/item\/newsmag-news-magazine-newspaper\/9512331\">Newsmag<\/a>. The themes are available through the Theme Forest and Envato marketplaces and have more than 155,000 downloads.<\/p>\n<p>Tracked as CVE-2023-3169, the vulnerability is what\u2019s known as a cross-site scripting (XSS) flaw that allows hackers to inject malicious code into webpages. Discovered by Vietnamese researcher <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/researchers\/truoc-phan\">Truoc Phan<\/a>, the vulnerability carries a severity rating of 7.1 out of a possible 10. It was partially fixed in tagDiv Composer version 4.1 and fully patched in 4.2.<\/p>\n<p>According to a <a href=\"https:\/\/blog.sucuri.net\/2023\/10\/balada-injector-targets-unpatched-tagdiv-plugin-newspaper-theme-wordpress-admins.html\">post<\/a> authored by security researcher Denis Sinegubko, threat actors are exploiting the vulnerability to inject web scripts that redirect visitors to various scam sites. The redirections lead to sites pushing fake tech support, fraudulent lottery wins, and push notification scams, the latter of which trick visitors into subscribing to push notifications by displaying <a href=\"https:\/\/blog.sucuri.net\/2022\/05\/massive-wordpress-javascript-injection-campaign-redirects-to-ads.html\">fake captcha dialogs<\/a>.<\/p>\n<p>Sucuri, the security firm Sinegubko works for, has been tracking the malware campaign since 2017 and has named it Balada. Sucuri estimates that in the past six years, Balada has compromised more than 1 million sites. Last month, Sucuri detected Balada injections on more than 17,000 sites, almost double the number the firm had seen the month before. More than 9,000 of the new infections were the result of injections made possible by exploiting CVE-2023-3169.<\/p>\n<p>Sinegubko wrote:<\/p>\n<blockquote>\n<p>We observed a rapid cycle of modifications to their injected scripts alongside new techniques and approaches. We saw randomized injections and obfuscation types, simultaneous use of multiple domains and subdomains, abuse of CloudFlare, and multiple approaches to attack administrators of infected WordPress sites.<\/p>\n<p>September was also a very challenging month for thousands of users of the tagDiv Newspaper theme. The Balada Injector malware campaign performed a series of attacks targeting both the vulnerability in the tagDiv Composer plugin and blog administrators of already infected sites.<\/p>\n<\/blockquote>\n<p>Sucuri has tracked no fewer than six waves of injections that leverage the vulnerability. While each wave is distinct, all contain a telltale script injected inside of these tags:<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<pre class=\"code_syntax\"><span class=\"line_wrapper\"><span>&lt;<\/span>style id<span>=<\/span><span>\"<\/span><span>tdw-css-placeholder<\/span><span>\"<\/span><span>&gt;<\/span><span>&lt;<\/span><span>\/<\/span>style<span>&gt;<\/span><span>&lt;<\/span>script<span>&gt;<\/span><span>.<\/span><span>.<\/span><span>.<\/span>malicious injection\u2026<span>&lt;<\/span><span>\/<\/span>script<span>&gt;<\/span><span>&lt;<\/span>style<span>&gt;<\/span><span>&lt;<\/span><span>\/<\/span>style<span>&gt;<\/span><\/span><\/pre>\n<p>The malicious injection uses obfuscated code to make it hard to detect. It can be found in the database used by WordPress sites, specifically in the \u201ctd_live_css_local_storage\u201d option of the wp_options table.<\/p>\n<p>The Balada threat actor has always attempted to gain persistent control over the websites it compromises. The most common way it does this is by injecting scripts that create accounts with administrator privileges. If real admins detect and remove the redirection scripts but allow the fake admin accounts to remain, the threat actor uses its administrative control to add a new set of malicious redirect scripts.<\/p>\n<p>The researcher wrote:<\/p>\n<blockquote>\n<p>Balada Injector hackers always aim for persistent control over compromised sites by uploading backdoors, adding malicious plugins, and creating rogue blog administrators. In this case, the [CVE-2023-3169] vulnerability doesn\u2019t allow them to easily achieve this goal. However, this never stopped Balada from trying to completely take over the sites with stored XSS vulnerabilities.<\/p>\n<p>Balada is long known for injecting malicious scripts that target logged-in site administrators. The idea is when a blog administrator logs into a website, their browser contains cookies that allow them to do all their administrative tasks without having to authenticate themselves on every new page. So, if their browser loads a script that tries to emulate administrator activity, it will be able to do almost anything that can be done via the WordPress admin interface.<\/p>\n<\/blockquote>\n<p>Anyone administering a site that uses the WordPress themes Newspaper or Newsmag should carefully inspect both their site and event logs for signs of infection using the many indicators of compromise included in the Sucuri post. As mentioned, the Balada threat actors attempt to gain persistent access to the sites they compromise. In addition to removing any malicious scripts added, it\u2019s also important to check for backdoor code and the addition of any admin accounts.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35105\/Thousands-Of-WordPress-Sites-Have-Been-Hacked-Through-tagDiv-Vuln.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":54063,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[6493],"class_list":["post-54062","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerflawwordpress"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Thousands Of WordPress Sites Have Been Hacked Through tagDiv Vuln 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Thousands Of WordPress Sites Have Been Hacked Through tagDiv Vuln 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-10T13:48:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/07\/scam-website-800x534.jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Thousands Of WordPress Sites Have Been Hacked Through tagDiv Vuln\",\"datePublished\":\"2023-10-10T13:48:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/\"},\"wordCount\":694,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln.jpg\",\"keywords\":[\"headline,hacker,flaw,wordpress\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/\",\"name\":\"Thousands Of WordPress Sites Have Been Hacked Through tagDiv Vuln 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln.jpg\",\"datePublished\":\"2023-10-10T13:48:47+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,flaw,wordpress\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerflawwordpress\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Thousands Of WordPress Sites Have Been Hacked Through tagDiv Vuln\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Thousands Of WordPress Sites Have Been Hacked Through tagDiv Vuln 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/","og_locale":"en_US","og_type":"article","og_title":"Thousands Of WordPress Sites Have Been Hacked Through tagDiv Vuln 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-10-10T13:48:47+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/07\/scam-website-800x534.jpeg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Thousands Of WordPress Sites Have Been Hacked Through tagDiv Vuln","datePublished":"2023-10-10T13:48:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/"},"wordCount":694,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/10\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln.jpg","keywords":["headline,hacker,flaw,wordpress"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/","url":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/","name":"Thousands Of WordPress Sites Have Been Hacked Through tagDiv Vuln 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/10\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln.jpg","datePublished":"2023-10-10T13:48:47+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/10\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/10\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/thousands-of-wordpress-sites-have-been-hacked-through-tagdiv-vuln\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,flaw,wordpress","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflawwordpress\/"},{"@type":"ListItem","position":3,"name":"Thousands Of WordPress Sites Have Been Hacked Through tagDiv Vuln"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54062","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54062"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54062\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/54063"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}