WordPress plugins are under fire once more, and you’re advised to update your version of Beautiful Cookie Consent Banner as soon as possible.

The plugin, which is installed on more than 40,000 sites, has been impacted by a “bizarre campaign” being actively used since at least February 5 of this year. The plugin is designed to present users with a cookie banner “without loading any external resources from third parties”. Sadly the cookie has crumbled with a flaw leaving sites open to the possibility of rogue JavaScript abuse.

The flaw was actually patched way back in January, but considering how long some folks can leave updates it’s going to take a while to have this one settle down. The best example of this update-related security drag is the fact that despite the plugin update, attacks are still in full flow. Researchers have observed: 3 million attacks against more than 1.5 million sites, from nearly 14,000 IP addresses since May 23, 2023.

The plugin exploit is a cross-site scripting attack (XSS), a type of attack that injects malicious code into otherwise benign websites. Most XSS attacks require users to click on doctored links, and only work if they do, because the malicious code isn't retained by the site being attacked. The vulnerability in the Beautiful Cookie Consent banner allows for the more dangerous stored XSS, in which an attacker causes the site to remember the malicious code and regurgitate it to all of its users.

The potential for mischief and mayhem with this kind of compromise is large. Perhaps someone could use scripts to redirect visitors to malware, or phishing pages, or even create malicious admin users. Maybe the rogue admin could add a phishing login page to the website itself, without the real admins knowing about it.