Скачать или смотреть 1.5M WordPress Web page plugin exploited. | May 25, 2023

Ongoing attacks are targeting a vulnerability in the Beautiful Cookie Consent Banner plugin for WordPress, which has over 40,000 active installations. The attacks exploit an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability, allowing malicious JavaScript to be injected into vulnerable websites. This can lead to unauthorized access, session hijacking, malware infections, or complete system compromise. The security flaw was patched in January, but the attacks have been active since February. The threat actor behind the campaign uses a misconfigured exploit that currently doesn't deploy a payload, but website owners are advised to update the plugin to the latest version to prevent any potential corruption. Additionally, there have been reports of attacks targeting other vulnerable WordPress plugins. Admins should stay vigilant and update their plugins to ensure website security.