Security News > 2023 > May > Hackers target 1.5M WordPress sites with cookie consent plugin exploit
Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs.
WordPress security company Defiant, which spotted the attacks, says the vulnerability in question also allows unauthenticated attackers to create rogue admin accounts on WordPress websites running unpatched plugin versions.
"We have blocked nearly 3 million attacks against more than 1.5 million sites, from nearly 14,000 IP addresses since May 23, 2023, and attacks are ongoing."
Despite the large-scale nature of this ongoing attack campaign, Gall says the threat actor uses a misconfigured exploit that would likely not deploy a payload even when targeting a WordPress site running a vulnerable plugin version.
Admins or owners of websites using the Beautiful Cookie Consent Banner plugin are advised to update it to the latest version because even a failed attack could corrupt the plugin's configuration stored in the nsc bar bannersettings json option.
While the current wave of attacks might not be able to inject websites with a malicious payload, the threat actor behind this campaign could address this issue at any time and potentially infect any sites that remain exposed.
News URL
Related news
- LiteSpeed Cache WordPress plugin bug lets hackers get admin access (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (source)