A startling new vulnerability has been discovered in a popular WordPress plugin, potentially exposing over 2 million sites to devastating cyberattacks! Keep your website safe and secure by learning more about this alarming development.
Are you a user of the popular WordPress plugin Advanced Custom Fields? If so, you need to take action now! A security flaw, identified as CVE-2023-30777, has been discovered in version 6.1.6 of the plugin, which is used by over two million active installations. This vulnerability could be exploited to inject malicious code into websites, potentially allowing attackers to steal sensitive information and gain access to the WordPress site. Patchstack researcher Rafie Muhammad explains that this type of attack is known as reflected cross-site scripting (XSS), and usually occurs when victims click on a malicious link sent via email or other means. So, if you’re using Advanced Custom Fields, make sure you update to the latest version as soon as possible to protect your site from this security flaw.
It’s time to take notice – CVE-2023-30777 can be triggered on a default installation or configuration of Advanced Custom Fields, although only by logged-in users who have access to the plugin. This comes as Craft CMS patched two medium-severity XSS flaws (CVE-2023-30177 and CVE-2023-31144), which attackers could abuse to serve malicious payloads. Additionally, another XSS flaw in the cPanel product (CVE-2023-29489, CVSS score: 6.1) was disclosed, and it can be exploited without any authentication to run arbitrary JavaScript.
Shubham Shah from Assetnote warns that “an attacker can not only attack the management ports of cPanel but also the applications that are running on port 80 and 443,” and this could enable an adversary to hijack a valid user’s cPanel session. Shah further warns that “once acting on behalf of an authenticated user of cPanel, it is usually trivial to upload a web shell and gain command execution.” Don’t let your system become vulnerable – stay informed and stay safe!
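All three advisories above (Advanced Custom Fields, Craft CMS, cPanel) come down to the same root cause: a request parameter is echoed back into a page without being escaped for the context it lands in. The following Python snippet is an added illustration, not code from any of those products; it models a hypothetical page that reflects a `q` parameter and shows the vulnerable output beside a context-aware escaper modelled on the behaviour of WordPress's `esc_html()`, `esc_attr()` and `esc_url()`. The parameter values are constructed samples.

```python
import html
from urllib.parse import quote, urlparse

# Constructed sample inputs: what a reflected parameter might carry.
BENIGN_VALUE = "summer sale"
MARKUP_VALUE = "<script>alert(1)</script>"          # classic reflected-XSS probe
ATTR_BREAKOUT = 'x" onmouseover="alert(1)'         # tries to escape an attribute
UNSAFE_URL = "javascript:alert(1)"                  # scheme that executes script


def render_unescaped(param: str) -> str:
    """Vulnerable pattern: the request parameter is concatenated straight into HTML.

    Whatever markup the link carried is now part of the page and runs in the
    logged-in user's browser, which is exactly the reflected-XSS scenario above.
    """
    return f'<div class="notice">Showing results for {param}</div>'


def escape_for(context: str, value: str) -> str:
    """Hardened pattern: escape according to where the value is placed.

    'html' - text between tags (cf. esc_html): neutralise < > &
    'attr' - inside a quoted attribute (cf. esc_attr): also neutralise quotes
    'url'  - an href/src value (cf. esc_url): allow only http(s)/relative
             schemes, percent-encode, then attribute-escape
    """
    if context == "html":
        return html.escape(value, quote=False)
    if context == "attr":
        return html.escape(value, quote=True)
    if context == "url":
        candidate = value.strip()
        # urlparse lower-cases the scheme, so JAVASCRIPT: is caught as well.
        if urlparse(candidate).scheme not in ("", "http", "https"):
            return ""  # refuse script-capable and unknown schemes outright
        return html.escape(quote(candidate, safe=":/?&=#%"), quote=True)
    raise ValueError(f"unknown output context: {context!r}")


def render_escaped(param: str) -> str:
    """Same page as render_unescaped, with the parameter escaped for HTML text."""
    return f'<div class="notice">Showing results for {escape_for("html", param)}</div>'


def render_search_box(param: str) -> str:
    """Attribute context: the value is pre-filled into an <input>."""
    return f'<input type="text" name="q" value="{escape_for("attr", param)}">'


def raw_markup_survived(rendered: str, injected: str) -> bool:
    """True when the injected string reached the output byte-for-byte."""
    return injected in rendered


if __name__ == "__main__":
    for label, fn in (("unescaped", render_unescaped), ("escaped", render_escaped)):
        out = fn(MARKUP_VALUE)
        print(f"{label:>9}: {out}")
        print(f"{'':>9}  raw <script> present: {raw_markup_survived(out, MARKUP_VALUE)}")
    print("search box:", render_search_box(ATTR_BREAKOUT))
    print("href value:", repr(escape_for("url", UNSAFE_URL)))
```

The point of `escape_for` is that there is no single "escape" operation: a value that is safe as element text can still break out of an attribute, and a value that is safe in an attribute can still be a `javascript:` URL in an `href`. Updating the affected plugin or product remains the fix for the CVEs named above; the escaper shows what the patched code has to get right.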