A new malware campaign was found targeting the Popup Builder WordPress plugin, exploiting a vulnerability disclosed in November 2023. The campaign injects malicious code into websites, leading to over 3,300 infections.