
Buggy Plugin Risks XSS Attacks On Over 1 Million WordPress Websites


By Harper Stewart

Jul 3, 2023

Around 2,000,000 active websites worldwide use these plugins, which are very popular custom field builders for WordPress.

CVE-2023-30777 is a reflected cross-site scripting (XSS) flaw that can be exploited to inject malicious executable scripts into websites that visitors otherwise regard as safe.

The Research

According to BleepingComputer, on May 2, 2023, Rafie Muhammad, a researcher at Patchstack, discovered the critical reflected XSS vulnerability, tracked as CVE-2023-30777.

Cross-site scripting (XSS) flaws often let attackers inject malicious scripts into websites that other people visit, so that the code executes in the visitor's web browser. In this case, by tricking a privileged user into visiting a crafted URL path, any unauthenticated attacker can steal sensitive information and escalate privileges on the WordPress site.

According to Patchstack, the XSS vulnerability may give an unauthorized attacker access to confidential information and elevated privileges on an affected WordPress website. Reflected XSS attacks typically occur when a user is tricked into clicking a crafted link, which sends the malicious code to the vulnerable website; the site then reflects it back to the user's web browser, where it runs.

Reflected XSS attacks rely on social engineering more than stored XSS attacks do, which significantly reduces their reach and impact. Because of this limitation, criminal actors spread the malicious link to as many victims as they can in an effort to increase the attack's effectiveness. After Patchstack informed the plugin's developer about the flaw, the developer promptly released a security fix, version 6.1.6, on May 4, 2023.
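A site operator can confirm that an installation is at or above the fixed release by reading the `Version:` header of the plugin's main PHP file. The following is an added example, not code from the article or the plugin; the plugin directory name passed to `audit()` is a placeholder because the article does not name the plugin, and the sample header is constructed.

```python
import re
from pathlib import Path

FIXED_VERSION = "6.1.6"  # patched release named in the article

# WordPress takes plugin metadata from "Field: value" lines in the header
# comment of the plugin's main PHP file; this mirrors that line format.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-+]*)", re.M | re.I)

def header_version(php_source):
    """Return the Version header value, or None if the file has none."""
    m = VERSION_RE.search(php_source[:8192])  # headers sit at the top of the file
    return m.group(1) if m else None

def version_key(version):
    """Leading numeric components as a tuple, e.g. '6.1.6-beta1' -> (6, 1, 6)."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)

def is_patched(version, fixed=FIXED_VERSION):
    """True if version >= fixed; a pre-release of the fixed version counts as unpatched."""
    a, b = version_key(version), version_key(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    if a == b:
        return re.fullmatch(r"\d+(\.\d+)*", version) is not None
    return a > b

def audit(plugins_dir, slug):
    """Check wp-content/plugins/<slug>/*.php; slug is supplied by the operator."""
    for php in sorted(Path(plugins_dir, slug).glob("*.php")):
        found = header_version(php.read_text(errors="replace"))
        if found:
            return {"file": php.name, "version": found, "patched": is_patched(found)}
    return None  # plugin not installed or no header found

# Constructed sample header, not taken from any real plugin.
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: Example Field Builder\n * Version: 6.1.5\n */\n"

if __name__ == "__main__":
    v = header_version(SAMPLE_HEADER)
    print(v, "patched" if is_patched(v) else "update to >= " + FIXED_VERSION)
```

Comparing numeric components rather than strings matters here: a plain string comparison would rank 6.10.0 below 6.1.6.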

 