Hackers are now targeting 1.5 million WordPress websites. To do so, they are reportedly focusing on exploiting the cookie consent plugin.
Beautiful Cookie Consent Banner was the Target of Hackers Due to a Certain XSS Vulnerability
According to Bleeping Computer's story, a cookie consent plugin known as the Beautiful Cookie Consent Banner has been the target of hackers due to a certain vulnerability. Ongoing attacks targeted the Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability, explained further in an post by WPScan.
It was also noted that the Beautiful Cookie Consent Banner had over 40,000 active installs, a decent amount for a WP plugin. The report also described how an XSS attack happens and how hackers exploit it.
Hackers Would Inject Malicious JavaScript Scripts Into the Web Browsers of Visitors
The details revealed that threat actors would target vulnerable websites by injecting malicious JavaScript. These scripts will then execute within the web browsers of the visitors.
The results of this data breach reportedly range from unauthorized access to sensitive information to complete system compromise. It was also revealed that these attacks could also perform session hijacking and malware infections through malicious website redirects.
Plugin Users are Urged to Update to At Least Version 2.10.2 to Avoid the Exploit
Defiant, a WordPress security company, discovered the attacks and gave their two takes on the situation. They shared that the vulnerability would allow hackers to create rogue admin accounts on the exploited WordPress websites running plugin versions that weren't patched.
This meant those running plugin versions up to and including the 2.10.1 versions. The security flaw was already patched in January with the release of the newer version, 2.10.2.
The Vulnerability has been Active Since Feb 5 and Over 1.5 Million Sites have been Targetted
However, those who haven't updated their plugin will still be vulnerable to this particular exploit, which hackers can exploit. Ram Gall, a threat analyst, gave a statement regarding the situation, sharing that the vulnerability was active since February 5, 2023, but remains the largest attack they've seen.
Gall noted that they have already blocked around three million attacks trying to target over 1.5 million sites. This was done since May 23, and as the analyst revealed, the attacks were still ongoing.
Read Also: UK Consumers Fall Victim to Facebook, Instagram Online Shopping Scams Every 7 Minutes: Study
The Risks of the Exploit Could Still Mean Corruption of the Plugin
The analyst also notes that the hackers using the misconfigured exploit won't likely "deploy a payload" even when trying to target a WordPress site that still had that particular vulnerable plugin version.
It was also noted that the admins, and the owners of websites using the Beautiful Cookie Consent Banner plugin, were asked to update their cookies to the latest version to avoid being the target of hackers in the recent exploit.
It was noted that even a failed attack could still damage the website and cause the user's plugin configuration corruption within the option labeled as nsc_bar_bannersettings_json. The patched versions were also updated and, once downloaded, would be capable of repairing itself should the website be targetted in these particular attacks.
Related Article: NHS Allegedly Shares Patient Information With Facebook Without Consent!
