Thousands of sites running the WordPress content management system have been hacked due to a vulnerability in a widely used plugin.

The tagDiv Composer plugin is a prerequisite for two WordPress themes, Newspaper and Newsmag, which together have been downloaded more than 155,000 times.

The vulnerability is a cross-site scripting (XSS) bug that lets attackers inject malicious code into web pages. Discovered by Vietnamese researcher Truoc Phan, it carries a severity rating of 7.1 out of a possible 10. It was partially fixed in tagDiv Composer version 4.1 and fully fixed in version 4.2.

Attackers are exploiting this flaw to inject web scripts that redirect visitors to a variety of rogue sites promoting fake technical support, fraudulent lottery winnings, and bogus push notifications.

Site administrators running the Newspaper or Newsmag WordPress themes should therefore check their sites and event logs for signs of infection using the many available indicators of compromise. Beyond removing any injected malicious scripts, they should also look for backdoor code and for any administrator accounts that have been added.
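An added example, not code from the article or from tagDiv, of the two checks described above: scanning exported WordPress content rows for injected script tags and listing administrator accounts that are not on a known list. The sample rows, host names and account names are constructed, and the row identifiers and trusted-host list are assumptions an administrator would fill in from their own site.

```python
import re
from urllib.parse import urlparse

# Constructed sample data standing in for rows pulled from a WordPress
# database (wp_posts.post_content, wp_options.option_value) and for the
# list of users holding the administrator role.
SAMPLE_CONTENT = {
    "post:12": '<p>Headlines</p><script src="https://example-news.test/app.js"></script>',
    "post:13": '<p>Opinion</p><script src="//cdn.badredirect.invalid/x.js"></script>',
    "post:14": '<p>Sports</p><script src="/wp-content/themes/demo/js/app.js"></script>',
    "option:td_options": '{"custom_js":"<script>window.location=\'https://fake-support.invalid\'</script>"}',
}
SAMPLE_ADMINS = ["editor_jane", "wpsupport99"]   # constructed
KNOWN_ADMINS = {"editor_jane"}                    # assumed: the site's real admins
TRUSTED_HOSTS = {"example-news.test"}             # assumed: hosts the site legitimately loads from

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_RE = re.compile(r'src\s*=\s*["\']?([^"\'\s>]+)', re.I)


def find_suspicious_scripts(content_rows, trusted_hosts):
    """Return (row_id, reason) for inline scripts and scripts loaded from untrusted hosts.

    Scripts with a relative src (same origin) are treated as expected and skipped.
    """
    findings = []
    for row_id, html in content_rows.items():
        for attrs, body in SCRIPT_RE.findall(html):
            src_match = SRC_RE.search(attrs)
            if src_match:
                src = src_match.group(1)
                # Scheme-relative URLs (//host/path) parse correctly; add // only for bare hosts.
                host = urlparse(src if "//" in src else "//" + src).hostname
                if host is None:          # relative path, served from this site
                    continue
                if host not in trusted_hosts:
                    findings.append((row_id, f"external script from {host}"))
            elif body.strip():
                findings.append((row_id, "inline script"))
    return findings


def unexpected_admins(current_admins, known_admins):
    """Return administrator accounts that are not on the known list, sorted."""
    return sorted(set(current_admins) - set(known_admins))


if __name__ == "__main__":
    for row_id, reason in find_suspicious_scripts(SAMPLE_CONTENT, TRUSTED_HOSTS):
        print(f"{row_id}: {reason}")
    for user in unexpected_admins(SAMPLE_ADMINS, KNOWN_ADMINS):
        print(f"unexpected administrator: {user}")
```

Any hit is a starting point for review, not proof of compromise: confirm the script or account against change history before removing it.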

As a reminder, hackers used stolen credentials and one of 23andMe's own genetic database features to find and collect data from millions of accounts.
