Researchers Uncover Lively Exploitation of WordPress Plugin Vulnerabilities

Could 30, 2024NewsroomWordPress / Web site Safety

Cybersecurity researchers have warned that a number of high-severity safety vulnerabilities in WordPress plugins are being actively exploited by menace actors to create rogue administrator accounts for follow-on exploitation.

“These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due to inadequate input sanitization and output escaping, making it possible for attackers to inject malicious scripts,” Fastly researchers Simran Khalsa, Xavier Stevens, and Matthew Mathur stated.

The safety flaws in query are listed under –

  • CVE-2023-6961 (CVSS rating: 7.2) – Unauthenticated Saved Cross-Web site Scripting in WP Meta search engine optimization <= 4.5.12
  • CVE-2023-40000 (CVSS rating: 8.3) – Unauthenticated Saved Cross-Web site Scripting in LiteSpeed Cache <= 5.7
  • CVE-2024-2194 (CVSS rating: 7.2) – Unauthenticated Saved Cross-Web site Scripting in WP Statistics <= 14.5

Assault chains exploiting the issues contain injecting a payload that factors to an obfuscated JavaScript file hosted on an exterior area, which is answerable for creating a brand new admin account, inserting a backdoor, and establishing monitoring scripts.

Cybersecurity

The PHP backdoors are injected into each plugin and theme information, whereas the monitoring script is designed to ship an HTTP GET request containing the HTTP host data to a distant server (“ur.mystiqueapi[.]com/?ur”).

Fastly stated it detected a major proportion of the exploitation makes an attempt originating from IP addresses related to the Autonomous System (AS) IP Quantity Inc. (AS202425), with a piece of it coming from the Netherlands.

WordPress Plugin Vulnerabilities

It is value noting that WordPress safety firm WPScan beforehand disclosed comparable assault efforts focusing on CVE-2023-40000 to create rogue admin accounts on prone web sites.

To mitigate the dangers posed by such assaults, it is really useful that WordPress web site house owners overview their put in plugins, apply the newest updates, and audit the websites for indicators of malware or the presence of suspicious administrator customers.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we put up.

Recent articles

INTERPOL Pushes for

Dec 18, 2024Ravie LakshmananCyber Fraud / Social engineering INTERPOL is...

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...