Balada Injector Targets Unpatched tagDiv Plugin, Themes on WordPress Sites

The Balada Injector gang is actively exploiting vulnerabilities in tagDiv premium themes, such as the recently disclosed Unauthenticated Stored XSS vulnerability, to inject malware into websites.