Researchers uncovered a brand new wave of malware assaults towards WordPress web sites, exploiting identified XSS vulnerabilities in several WordPress plugins to deploy malware. Customers should guarantee updating their websites with the most recent plugin releases to keep away from the risk.
New Malware Campaigns Exploits XSS In Completely different WordPress Plugins
Reportedly, the risk actors have devised a brand new malware marketing campaign leveraging the overall apply of website admins, leaving their websites operating with weak plugin variations. Within the current marketing campaign, the attackers exploited completely different cross-site scripting (XSS) vulnerabilities in three completely different WordPress plugins to deploy malware.
As defined of their post, researchers from the safety group Fastly noticed lively exploitation of the next three XSS vulnerabilities.
- CVE-2023-6961 (CVSS 7.2): A high-severity XSS affecting the WP Meta search engine marketing plugin. The saved XSS impacted the ‘Referer’ header, permitting an unauthenticated adversary to inject arbitrary scripts on net pages that will execute following customers’ web page visits. The plugin builders patched this vulnerability with v.4.5.13.
- CVE-2023-40000 (CVSS 8.3): One other high-severity vulnerability affecting the LiteSpeed Cache Plugin. The builders addressed this flaw with the plugin model 5.7.0.1, launched in October 2023.
- CVE-2024-2194 (CVSS 7.2): This high-severity saved XSS flaw affected the URL search parameter within the WP Statistics plugin. It impacted the plugin variations 14.5 and earlier, finally receiving a patch with model 14.5.1
Fastly researchers noticed a brand new JavaScript malware exploiting these flaws. As said,
The assault payloads we’re observing concentrating on these vulnerabilities inject a script tag that factors to an obfuscated JavaScript file hosted on an exterior area.
Particularly, this malware performs three principal features: putting in PHP backdoors, creating rogue admin accounts, and establishing monitoring scripts to observe the focused websites.
Whereas the builders have adequately patched all three vulnerabilities, the lively exploitation of the issues within the wild clearly hints on the customers’ ignorance about guaranteeing immediate website updates. Now that the risk is already within the wild, WordPress admins should be certain that these WP plugins (and all others operating on their websites) are up to date with the most recent releases to obtain all safety fixes.
Tell us your ideas within the feedback.
