Hackers Exploit Critical WordPress Plugin Vulnerability Within Hours of Public PoC Release
Hackers Exploit Critical WordPress Plugin Vulnerability Within Hours of Public PoC Release
High-severity reflected cross-site scripting (XSS) flaw
Hackers are wasting no time in exploiting a recently addressed vulnerability in the WordPress Advanced Custom Fields plugin, as they swiftly took advantage of a publicly available proof-of-concept (PoC) exploit just 24 hours after its disclosure.
The vulnerability, identified as CVE-2023-30777, is a high-severity reflected cross-site scripting (XSS) flaw that enables unauthorized attackers to extract sensitive information and escalate their privileges on targeted WordPress sites.
Discovered by website security firm Patchstack on May 2nd, 2023, the vulnerability was promptly disclosed, including a PoC exploit, on May 5th, a day after the plugin vendor released a security update with version 6.1.6.
According to a report from the Akamai Security Intelligence Group (SIG), significant scanning and exploitation activities were observed starting from May 6th, 2023, using the provided sample code in Patchstack’s disclosure.
“The Akamai SIG analyzed XSS attack data and identified attacks starting within 24 hours of the exploit PoC being made public,” the report stated.
See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses
Attackers Utilize Patchstack’s Sample Code in WordPress Vulnerability
What makes this situation particularly noteworthy is that the threat actor replicated and utilized the sample code from Patchstack’s write-up.
With over 1.4 million websites still running the vulnerable version of the impacted WordPress plugin, based on wordpress.org statistics, attackers have an extensive attack surface to target.
Exploiting the XSS flaw requires the involvement of a logged-in user with plugin access, enabling the execution of malicious code in their browser, thereby granting the attackers elevated privileges on the site.
Despite this requirement, the malicious scans demonstrate that threat actors remain undeterred, relying on basic deception and social engineering to overcome this mitigation factor.
Furthermore, the exploit works on default configurations of the affected plugin versions, increasing the likelihood of success for attackers without the need for additional efforts.
Trending: OSINT Tool: GooFuzz
WordPress Administrators Urged to Patch Vulnerable Plugins
WordPress site administrators using the vulnerable plugins are strongly advised to immediately apply the available patch to protect against ongoing scanning and exploitation attempts.
The recommended course of action is to update both the ‘Advanced Custom Fields’ free and pro plugins to version 5.12.6 (backported) and 6.1.6, respectively.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: info@blackhatethicalhacking.com
Source: bleepingcomputer.com
The post Hackers Exploit Critical WordPress Plugin Vulnerability Within Hours of Public PoC Release first appeared on Black Hat Ethical Hacking.
About The Author
