another WordPress plugin actively exploited by hackers

More than 40 thousand sites on WordPress are at risk due to a vulnerability in the Beautiful Cookie Consent Banner plugin, which is used to add cookie consent banners.

The vulnerability is of the type XSS (cross-site scripting) and allows cybercriminals to inject malicious JavaScript-scripts in vulnerable sites to be executed in users’ browsers.

This can lead to unauthorized access to confidential information, session hijacking, malware infection through redirection to malicious sites, or complete compromise of the victim’s system.

Company Wordfencespecialized in WordPress security, informs What vulnerability also allows unauthorized attackers to create fake admin accounts on WordPress sites using outdated versions of the above plugin (up to and including 2.10.1).

“According to our data, the vulnerability has been exploited since February 5, 2023, but this is the largest attack with the exploitation that we have seen,” said threat analyst Ram Gall.

According to the researcher, Wordfence firewalls have repelled about 3 million attacks on more than 1.5 million websites in the past two days alone. And the attacks are still going on.

Attack statistics via the Beautiful Cookie Consent Banner plugin

Gall separately noted that cybercriminals use a misconfigured exploit that most likely will not be able to deliver a payload even when attacking a site with a vulnerable version of the plugin.

However, administrators or site owners using the “Beautiful Cookie Consent Banner” plugin are advised to update to the latest version, as even a failed attack can corrupt the plugin’s configuration stored in the “nsc_bar_bannersettings_json” option. The corrected versions of the plugin also add a self-healing mechanism in case the site has already been the target of these attacks.

While the current wave of attacks may not be able to infect sites with a malicious load, the attackers behind this campaign could fix the problem at any time and potentially infect any sites that are still vulnerable.

WordPress plugin vulnerabilities are one of the favorite ways for hackers to compromise websites. For example, this month we already wrote about attacks on vulnerable versions of plugins. Essential Addons for Elementor And Advanced Custom Fields .