
WordPress Security Alert: 1.5M Sites Under Attack Through Cookie Consent Plugin Vulnerability

WordPress sites are under attack through an unauthenticated stored cross-site scripting (XSS) vulnerability in Beautiful Cookie Consent Banner, a popular cookie consent plugin with over 40,000 active installs.

Cross-site scripting (XSS) is an injection attack in which an attacker gets malicious script included in pages that a trusted website serves, so the script runs in visitors' browsers with that website's origin and privileges. In reflected XSS the attacker typically delivers the payload through a crafted link that the victim must be convinced to click. In stored XSS, the variant at issue here, the payload is saved on the server (for example in a plugin setting) and served to every visitor, so no link and no victim interaction is required.

In this campaign, attackers inject scripts into vulnerable websites so that visitors' browsers execute them. The consequences can include session hijacking, unauthorised access to data, unwanted redirects that deliver malware, and complete compromise of the site, particularly when the script runs in the browser of a logged-in administrator.

The WordPress security company Defiant, which makes Wordfence, first reported these attacks. It noted that the vulnerability lets unauthenticated attackers inject a script that runs in the browser of anyone who loads the affected page, including administrators, and that can be used to create rogue administrator accounts on sites running plugin versions up to and including 2.10.1.
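The two defects behind an unauthenticated stored XSS of this kind are a settings-save endpoint that anyone can reach and a stored value that is printed back into the page unescaped. The example below is added here to illustrate that pattern and its fix; it is hypothetical plugin code (plugin prefix `ecb_`, option names `ecb_banner_text` and `ecb_banner_link`, AJAX action `ecb_save`, nonce action `ecb_save_settings`) and is not the code of Beautiful Cookie Consent Banner or of Wordfence. The WordPress functions used (`add_action`, `update_option`, `get_option`, `check_ajax_referer`, `current_user_can`, `wp_unslash`, `sanitize_text_field`, `esc_html`, `esc_url`, `wp_send_json_success`, `wp_send_json_error`) are real core API.

```php
<?php
/*
 * Added example (hypothetical plugin, prefix ecb_). Not the code of any real plugin.
 *
 * PART 1: the vulnerable pattern.
 * The save handler is registered with wp_ajax_nopriv_, so it is reachable at
 * /wp-admin/admin-ajax.php?action=ecb_save by anyone, logged in or not. It checks
 * no nonce and no capability, stores the raw POST value, and the render hook
 * echoes it back unescaped into every page. That is an unauthenticated stored XSS:
 * a payload such as <script>...</script> in banner_text is stored once and then
 * executed in every visitor's browser, including an administrator's.
 */
add_action( 'wp_ajax_nopriv_ecb_save', 'ecb_save_vulnerable' ); // exposed to unauthenticated users
add_action( 'wp_ajax_ecb_save',        'ecb_save_vulnerable' );

function ecb_save_vulnerable() {
    // No nonce, no capability check, no sanitisation.
    update_option( 'ecb_banner_text', $_POST['banner_text'] );
    update_option( 'ecb_banner_link', $_POST['banner_link'] );
    wp_send_json_success();
}

add_action( 'wp_footer', 'ecb_render_vulnerable' );

function ecb_render_vulnerable() {
    // Stored values concatenated straight into markup: the sink of the XSS.
    echo '<div class="ecb-banner"><a href="' . get_option( 'ecb_banner_link' ) . '">'
       . get_option( 'ecb_banner_text' ) . '</a></div>';
}

/*
 * PART 2: the hardened pattern.
 *  - Only the authenticated wp_ajax_ hook is registered (no _nopriv_ variant).
 *  - check_ajax_referer() dies unless the request carries a nonce created with
 *    wp_create_nonce( 'ecb_save_settings' ) on the plugin's settings page, which
 *    blocks cross-site requests from a logged-in admin's browser.
 *  - current_user_can( 'manage_options' ) restricts the action to administrators.
 *  - Input is unslashed and sanitised on the way in, and every stored value is
 *    escaped for its context on the way out: esc_html() for text, esc_url() for
 *    the href (esc_url() also drops disallowed schemes such as javascript:).
 */
add_action( 'wp_ajax_ecb_save', 'ecb_save_hardened' );

function ecb_save_hardened() {
    check_ajax_referer( 'ecb_save_settings', 'nonce' ); // terminates with -1 on failure

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $text = isset( $_POST['banner_text'] ) ? sanitize_text_field( wp_unslash( $_POST['banner_text'] ) ) : '';
    $link = isset( $_POST['banner_link'] ) ? esc_url_raw( wp_unslash( $_POST['banner_link'] ) ) : '';

    update_option( 'ecb_banner_text', $text );
    update_option( 'ecb_banner_link', $link );
    wp_send_json_success();
}

add_action( 'wp_footer', 'ecb_render_hardened' );

function ecb_render_hardened() {
    // Escape on output even though input was sanitised: the database is not a trust boundary.
    echo '<div class="ecb-banner"><a href="' . esc_url( get_option( 'ecb_banner_link', '' ) ) . '">'
       . esc_html( get_option( 'ecb_banner_text', '' ) ) . '</a></div>';
}
```

Both halves matter independently: the authentication and nonce checks stop an unauthenticated attacker from writing the option at all, while output escaping means that even a value written by a compromised or careless administrator cannot run as script. When reviewing a plugin, search for `wp_ajax_nopriv_` and `register_rest_route` handlers that call `update_option`, and for `echo`/`printf` of `get_option()` results without an `esc_*` wrapper.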

The vulnerability was patched in January 2023, when the Beautiful Cookie Consent Banner developers released version 2.10.2, but sites that have not applied the update remain exposed. If you run the plugin, update to version 2.10.2 or later now.

Attacks blocked against WordPress (Wordfence)

According to Ram Gall, a threat analyst at Wordfence:

According to our records, the vulnerability has been actively attacked since February 5, 2023, but this is the largest attack against it that we have seen. We have blocked nearly 3 million attacks against more than 1.5 million sites, from nearly 14,000 IP addresses since May 23, 2023, and attacks are ongoing.

Despite the scale of the campaign, Gall adds that the threat actor is using a misconfigured exploit that is unlikely to deliver a working payload, even against a site running a vulnerable version of the plugin.

Administrators and site owners who use the Beautiful Cookie Consent Banner plugin should nevertheless upgrade to the latest version. Even a failed attack may still corrupt the plugin's settings, and the updated versions include a self-repair feature that restores the configuration if the site is hit by one of these attacks.

The group behind the attacks could fix its exploit at any time. Although the current wave may not be delivering a working payload, a corrected version would let the attackers plant malware on any site still running the vulnerable plugin.

Your website is your online shopfront, whether you sell products or promote your brand. If it is hit by malware, spam or phishing content, it may slow down, misbehave or become inaccessible, and visitors will have a poor experience. Malware spread through a hacked website harms innocent visitors, and you may be held responsible for a significant data breach affecting your clients.

Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks. 
