Security News > 2023 > May > Hackers target 1.5M WordPress sites with cookie consent plugin exploit

Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs.

WordPress security company Defiant, which spotted the attacks, says the vulnerability in question also allows unauthenticated attackers to create rogue admin accounts on WordPress websites running unpatched plugin versions.

"We have blocked nearly 3 million attacks against more than 1.5 million sites, from nearly 14,000 IP addresses since May 23, 2023, and attacks are ongoing."

Despite the large-scale nature of this ongoing attack campaign, Gall says the threat actor uses a misconfigured exploit that would likely not deploy a payload even when targeting a WordPress site running a vulnerable plugin version.

Admins or owners of websites using the Beautiful Cookie Consent Banner plugin are advised to update it to the latest version because even a failed attack could corrupt the plugin's configuration stored in the nsc bar bannersettings json option.

While the current wave of attacks might not be able to inject websites with a malicious payload, the threat actor behind this campaign could address this issue at any time and potentially infect any sites that remain exposed.

News URL

https://www.bleepingcomputer.com/news/security/hackers-target-15m-wordpress-sites-with-cookie-consent-plugin-exploit/