The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites. The vulnerability, which was fully patched in January in version 2.10.2, offers unauthenticated attackers the ability to add malicious JavaScript to a website, potentially allowing redirects to malvertizing sites as well as the creation of malicious admin users, both of which are appealing use cases for attackers.
You may also like
Recent Posts
- 910 – WP-Tonic Show: Running: We Discuss The Future of WordPress & Gutenberg With Special Guest Rich Tabor Project Manager at Automattic
- #73 – The Membership Machine Show: Best WordPress Page Builders to Construct Your Membership Website in 2024
- Comments Engine AI WordPress Plugin
- Divi Product Highlight: DiviGrid
- Fifteen Merged PRs for WP-CLI Hack Day 2024