More than 40 thousand WordPress sites are at risk because of a vulnerability in the “Beautiful Cookie Consent Banner” plugin, which is used to add banners requesting consent to the use of cookies.
The vulnerability is a cross-site scripting (XSS) flaw that allows attackers to inject malicious JavaScript into vulnerable sites; the injected code is then executed in visitors' browsers.
This can lead to unauthorized access to confidential information, session hijacking, malware infection through redirects to malicious sites, or complete compromise of the victim's system.
Wordfence, a company specializing in WordPress security, reports that the vulnerability also allows unauthorized attackers to create fake administrator accounts on WordPress sites running outdated versions of the plugin (up to and including 2.10.1).
“According to our data, the vulnerability has been exploited since February 5, 2023, but this is the largest attack using it that we have seen,” said Ram Gall, threat analyst.
According to the researcher, Wordfence's firewall has blocked about 3 million attacks against more than 1.5 million websites over the past two days, and the attacks are still ongoing.
Attacks through the Beautiful Cookie Consent Banner plugin
Gall separately noted that the cybercriminals are using a faulty exploit that most likely cannot deliver a payload even when it hits a site running a vulnerable version of the plugin.
Nevertheless, administrators or owners of sites using the Beautiful Cookie Consent Banner plugin are advised to update to the latest version, since even a failed attack can corrupt the plugin configuration stored in the nsc_bar_bannersettings_json option. The fixed versions of the plugin also add a self-healing mechanism in case the site has previously been targeted by these attacks.
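The two failure modes described here, a stored configuration left unparseable by a botched exploit and a stored value carrying injected markup, can both be caught by validating the option value before it is trusted. The following script is an added example for this article, not code from the plugin or from Wordfence; it assumes the option is a JSON object of plain string settings (the real key names of the plugin are not known here, so the sample values below are constructed), classifies an exported option value as intact, corrupted or suspicious, and shows the reset-to-defaults step that a self-healing mechanism performs.

```python
import json
import re
from typing import Any, Iterator

# Constructed sample values (not taken from the plugin or the article):
# the option as it might look intact, after a failed attack that truncated
# the JSON, and after a successful stored-XSS injection.
SAMPLES = {
    "intact": '{"text": "This site uses cookies.", "btn": "OK", "bg": "#ffffff"}',
    "corrupted": '{"text": "This site uses cookies.", "btn": ',
    "injected": '{"text": "<script src=\\"https://example.invalid/x.js\\"></script>", "btn": "OK"}',
}

# Markup and event-handler patterns that have no place in a cookie-banner setting.
SUSPICIOUS = re.compile(
    r"<\s*(script|iframe|img|svg|object|embed)\b|\bon\w+\s*=|javascript:",
    re.IGNORECASE,
)


def _walk(node: Any) -> Iterator[Any]:
    """Yield every leaf value of a nested JSON structure."""
    if isinstance(node, dict):
        for value in node.values():
            yield from _walk(value)
    elif isinstance(node, list):
        for value in node:
            yield from _walk(value)
    else:
        yield node


def classify_banner_option(raw: str) -> str:
    """Return 'corrupted' (not a JSON object), 'suspicious' (HTML/JS inside a
    value) or 'ok' for the raw string stored in the WordPress option."""
    try:
        data = json.loads(raw)
    except ValueError:
        return "corrupted"
    if not isinstance(data, dict):
        return "corrupted"
    for leaf in _walk(data):
        if isinstance(leaf, str) and SUSPICIOUS.search(leaf):
            return "suspicious"
    return "ok"


def heal(raw: str, defaults: dict) -> str:
    """Self-healing step: keep the stored JSON only if it passes the checks,
    otherwise replace it with the serialised defaults (hypothetical defaults,
    supplied by the caller)."""
    if classify_banner_option(raw) == "ok":
        return raw
    return json.dumps(defaults)


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:10s} -> {classify_banner_option(value)}")
    print(heal(SAMPLES["corrupted"], {"text": "This site uses cookies.", "btn": "OK"}))
```

Running the script against a value pulled from a database export (for example `SELECT option_value FROM wp_options WHERE option_name = 'nsc_bar_bannersettings_json'`) tells an incident responder whether the site was merely hit by the faulty exploit or actually carries an injected payload; the `heal` step mirrors what a reset-to-defaults routine in the plugin would do, and is the reason a corrupted banner simply disappears rather than breaking the page.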
Although the current wave of attacks may not be able to infect sites with a malicious payload, the attacker behind this campaign could fix the exploit at any time and potentially infect any sites that remain vulnerable.
Vulnerabilities in WordPress plugins are one of attackers' favorite ways to compromise websites. For example, this month we have already written about attacks on vulnerable versions of Essential Addons for Elementor and Advanced Custom Fields.