(416) 825-2120
info@veiliant.com
Free IT Assessment
  • About
  • Services
    • Fully Managed IT
    • Cloud Services
    • Software Development
    • Business Continuity
    • Cyber Security
    • Professional IT Consulting
  • Our Team
  • Blog
  • Contact
Remote Support

Hackers Target WordPress Plugin Flaw After PoC Exploit Released

Posted on 16 May at 7:23 am

Hackers are actively exploiting a recently fixed vulnerability in the WordPress Advanced Custom Fields plugin roughly 24 hours after a proof-of-concept (PoC) exploit was made public.

The vulnerability in question is CVE-2023-30777, a high-severity reflected cross-site scripting (XSS) flaw that allows unauthenticated attackers to steal sensitive information and escalate their privileges on impacted WordPress sites.

The flaw was discovered by website security company Patchstack on May 2nd, 2023, and was disclosed along with a proof-of-concept exploit on May 5th, a day after the plugin vendor had released a security update with version 6.1.6.

As the Akamai Security Intelligence Group (SIG) reported yesterday, starting May 6th, 2023, they observed significant scanning and exploitation activity using the sample code provided in Patchstack’s write-up.

“The Akamai SIG analyzed XSS attack data and identified attacks starting within 24 hours of the exploit PoC being made public,” reads the report.

“What is particularly interesting about this is the query itself: The threat actor copied and used the Patchstack sample code from the write-up.”

Exploitation attempts from a single threat actor
Exploitation attempts from a single threat actor (Akamai)

Considering that over 1.4 million websites using the impacted WordPress plugin have not upgraded to the latest version, based on wordpress.org stats, the attackers have quite a large attack surface to explore.

The XSS flaw requires the involvement of a logged-in user who has access to the plugin to run malicious code on their browser that will give the attackers high-privileged access to the site.

The malicious scans indicate that this mitigation factor doesn’t dishearten threat actors who trust that they can overcome it through basic trickery and social engineering.

Also, the exploit works on default configurations of the impacted plugin versions, which increases the chances of success for the threat actors without requiring extra effort.

WordPress site administrators using the vulnerable plugins are urged to immediately apply the available patch to protect from ongoing scanning and exploitation activity.

The recommended action is to upgrade ‘Advanced Custom Fields’ free and pro plugins to version 5.12.6 (backported) and 6.1.6.

Previous Post
Western Digital Says Hackers Stole Customer Data in March Cyberattack
Next Post
Microsoft Pulls Defender Update Fixing Windows LSA Protection Bug

Recent Posts

  • Microsoft 365 Phishing Attacks Use Encrypted RPMSG Messages May 31, 2023
  • Canadian Nurses Association Hit by Cyber Attack May 31, 2023
  • QBot Malware Abuses Windows WordPad EXE to Infect Devices May 27, 2023
  • Hackers Target Vulnerable WordPress Elementor Plugin After PoC Released May 27, 2023
  • Mozilla Stops Firefox Fullscreen VPN Ads After User Outrage May 26, 2023

Categories

  • Cybersecurity (165)
  • Machine Learning (1)
  • News (98)
  • Robotic Process Automation (4)

Partners and Affiliates

Manufacturers matter. We partner with industry leaders that focus on business technology solutions. Let us help you find the right fit for your organization. Our partners offer great support, education, and benefits that we pass down to our clients.

 

About Us

Veiliant Inc. is a Managed Service Provider that offers many flexible services. We strive to meet the growing demand for computer support services needed for business success.

Veiliant has a proactive approach to help create innovative solutions devised  with your business goals in mind.

Our Services

  • Fully Managed IT
  • Cloud Services
  • Software Development
  • Business Continuity
  • Professional IT Consulting
  • Cyber Security

Related Links

  • FAQ
  • Privacy Policy

Contact Information

5155 Spectrum Way, Unit 1, Mississauga, ON, L4W 5A1
(416) 825-2120

Customer Support

  • Remote Support
  • Free IT Assessment

© 2023 Veiliant Inc. All rights reserved.