Over 2 Million Sites Vulnerable to Cyberattacks Due to Popular WordPress Plugin Vulnerability

After a security flaw was found in version 6.1.6 of the Advanced Custom Fields plugin for WordPress, users are being advised to update to a newer version.

The flaw, tracked as CVE-2023-30777, is a reflected cross-site scripting (XSS) bug that could be used to inject arbitrary executable scripts into otherwise benign websites.

The plugin is available in both free and paid versions and has more than two million users. The problem was found on May 2, 2023, and reported to the maintainers.

Rafie Muhammad, a researcher at Patchstack, said, “This vulnerability lets any unauthenticated user steal sensitive information or, in this case, raise their privileges on the WordPress site by getting a privileged user to visit a specially made URL path.”


Don’t Click on Fake Links

Reflected XSS attacks usually rely on tricking users into clicking a malicious link sent by email or some other channel. The link carries the malicious code to the vulnerable website, which then reflects the attack back into the user’s browser.

Because of this social-engineering component, reflected XSS attacks don’t have the same reach and scale as stored XSS attacks, which is why threat actors try to get as many people as possible to click the malicious link.


Imperva says, “[A reflected XSS attack] usually happens when incoming requests are not properly sanitized, which makes it possible to change how a web application works and run malicious scripts.”
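The mechanism Imperva describes, a request value written back into the page without encoding, is easiest to see side by side with its fix. The snippet below is an added illustration, not code from the Advanced Custom Fields plugin or from the article; the handler names and the `view` parameter are hypothetical, and the sample input is constructed so the file runs from the command line without WordPress loaded.

```php
<?php
// Added example, not code from the Advanced Custom Fields plugin or the article.
// Handler names and the "view" parameter are hypothetical.

// Reflected XSS pattern: a request parameter is concatenated straight into the
// HTML response, so any markup carried in the URL is returned to the browser
// that sent it and executed in the context of the vulnerable site.
function render_vulnerable(string $view): string {
    return '<p>Showing view: ' . $view . '</p>';
}

// Hardened form: encode for the HTML text context at the moment of output.
// Inside WordPress the usual helper is esc_html(); htmlspecialchars() is the
// plain-PHP equivalent used here so the snippet runs stand-alone. Encoding at
// output, per context, is what input "sanitizing" alone does not guarantee.
function render_hardened(string $view): string {
    $safe = htmlspecialchars($view, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Showing view: ' . $safe . '</p>';
}

// An attribute context needs the value quoted and encoded with ENT_QUOTES so a
// double quote in the input cannot close the attribute early (WordPress: esc_attr()).
function render_attr_hardened(string $view): string {
    $safe = htmlspecialchars($view, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="view" value="' . $safe . '">';
}

// Constructed input standing in for a query-string value that contains markup.
// When run under a web server, $_GET['view'] is used instead.
$input = $_GET['view'] ?? '<b title="x">list</b>';

echo "vulnerable: ", render_vulnerable($input), PHP_EOL;   // markup reflected unchanged
echo "hardened:   ", render_hardened($input), PHP_EOL;     // angle brackets and quotes encoded
echo "attribute:  ", render_attr_hardened($input), PHP_EOL;
```

Run it with `php reflected_xss_demo.php` (any filename): the first line shows the input returned as live markup, the other two show it rendered as inert text. The defender's takeaway is that the encoder must match the output context (HTML body, attribute, JavaScript, URL), which is why WordPress ships separate `esc_html()`, `esc_attr()`, `esc_js()` and `esc_url()` helpers rather than one generic filter.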

CVE-2023-30777 can be triggered on a default installation or configuration of Advanced Custom Fields, but only by logged-in users who have access to the plugin.

Craft CMS recently fixed two medium-severity XSS vulnerabilities (CVE-2023-30177 and CVE-2023-31144) that a threat actor could use to deliver malicious payloads.

The disclosure also follows the discovery of another XSS flaw in cPanel (CVE-2023-29489, CVSS score: 6.1) that could be exploited to run arbitrary JavaScript without authentication.

Shubham Shah of Assetnote said, “An attacker can not only attack the management ports of cPanel but also the applications that are running on ports 80 and 443. This could allow an attacker to take over a valid user’s cPanel session.”

“Once a cPanel user has been authenticated, it is usually easy to upload a web shell and run commands as that user.”
