Hackers Aggressively Exploiting WordPress Plugin XSS Flaw – 2 Million Sites Affected

The cybersecurity researchers at Akamai recently affirmed as web applications and third-party tools become more prevalent, the risk of cyber-attacks increases due to a larger attack surface and low entry barriers for attackers.

Shortly after the announcement of a critical vulnerability in a WordPress custom field plug-in and the release of a patch, a notable increase in XSS activity was observed, with one specific proof-of-concept query being particularly significant.

Attackers are exploiting known vulnerabilities more extensively, and it’s important to analyze the vulnerability, actor, and traffic to understand the attack.

Initial Flaw Leads to XSS

CVE-2023-30777, a vulnerability detected in February with a CVSS base score of 7.1, enables a threat actor to execute a reflected XSS attack by injecting harmful scripts, redirects, ads, and URL manipulations into a targeted website.

Illegitimate scripts injected into an affected website can be unknowingly propagated to its visitors, posing a significant danger as site owners remain unaware of this manipulation.

The vulnerability’s widespread impact, affecting over 2 million active plug-in users, garnered significant attention upon releasing the exploit PoC, patch, and a comprehensive write-up featuring example payloads.

Active Exploitation of XSS Flaw

Public release of exploit vector details leads to an exponential surge in scanning and exploitation attempts, with security researchers, hobbyists, and companies frequently assessing new vulnerabilities upon disclosure.

The Akamai SIG’s analysis of XSS attack data revealed a concerning trend where the volume of attacks and the time it takes for them to occur after the public release of exploit PoCs is rapidly increasing and decreasing, respectively, with attacks initiating within a mere 24 hours.

The indiscriminate nature of the activity across all sectors and the absence of any attempt to develop new exploit codes indicate a non-sophisticated threat actor scanning for vulnerable sites and targeting easily exploitable vulnerabilities.

Recommendations

Here below, we have mentioned all the recommendations offered by the cybersecurity researchers at Akamai:-

• As part of an organization’s risk reduction and security strategy, patch management is essential to managing risks.
• Deploying the right tooling will make it easier to gain visibility into your network in real-time and mitigate vulnerabilities.
• Firewalls for web applications provide security teams with the necessary protection from attacks. 
• Ensure that the web applications are patched with security patches to prevent further attacks.