Up to 1.5 million WordPress sites could be affected by this security flaw – so patch now
Hackers are reportedly using an unauthenticated Stored Cross-Site Scripting (XSS) flaw in a WordPress plugin to target thousands of websites, experts warn.
Cybersecurity researchers at Defiant discovered the flaw in Beautiful Cookie Consent Banner, a WordPress cookie consent plugin with over 40,000 active installations. Attackers could use the vulnerability to add malicious JavaScript to compromised websites, which would then run in visitors’ browsers.
Cybercriminals can use XSS for a number of purposes, from stealing sensitive data and sessions to completely taking over the vulnerable website. In this particular case, threat actors can create administrator accounts, which is enough privilege to take over the website entirely.
Millions of affected sites
The creators of Beautiful Cookie recently released a patch for the bug, so if you’re using the plugin, make sure it’s updated to version 2.10.2.
“According to our data, the vulnerability has been actively attacked since February 5, 2023, but this is the largest attack we have seen,” said Ram Gall of Defiant. “We have blocked nearly 3 million attacks against more than 1.5 million sites from nearly 14,000 IP addresses since May 23, 2023, and the attacks are ongoing.”
The silver lining is that the attackers’ exploit appears to be misconfigured in a way that makes the payload unlikely to deploy, even when it targets a website running an old, vulnerable version of the plugin. Still, the researchers urge webmasters and site owners to apply the patch, as even a failed attempt can damage the plugin’s configuration.
The patch also fixes this issue, as the updated plugin can repair itself.
What’s more, once the attackers realize their mistake, they could correct it quickly and potentially infect the sites that haven’t been patched yet.
Via: BleepingComputer