Hackers are targeting WordPress sites with cookie consent plugin exploit


Hackers are actively exploiting a vulnerability in a WordPress cookie consent plugin called Beautiful Cookie Consent Banner. The plugin has an unauthenticated stored Site Scripting (XSS) vulnerability. The vulnerability allows a threat actor to invest malicious JavaScript scripts in the website and execute it within the web browser.

The XSS attack can be used to get access to sensitive information, session hijacking, malware infections via redirects, or a complete takeover of the target system. The vulnerability can also be exploited to create a rogue admin account on the WordPress website running the unpatched plugin.

Also see: How To Scan Your WordPress Site For Malware And Other Security Threats

WordPress security company Defiant, which offers the WordPress security plugin Wordfence, spotted these attacks and also blocked nearly 3 million attacks on more than 1.5 million sites since May 23, 2023. Attacks are still going on.

If you are also using the Beautiful Cookie Consent Banner plugin, you need to know that the vulnerability affects the plugin up to version 2.10.1. So, update the plugin now. The vulnerability was patched in January but several websites are still using older versions of the plugin which makes them vulnerable to these attacks.

If you are using Wordfence to protect your website, you should know that all users using Wordfence Free, Wordfence Premium, Wordfence Care, and Wordfence Response, are protected against the vulnerability.

Share this article
Shareable URL
Prev Post

Assassin’s Creed Mirage is arriving on October 12

Next Post

TicWatch Pro 5 with 1.43-inch AMOLED display, Wear OS 3 launched in India at Rs. 34999

Leave a Reply
Read next
Subscribe to our newsletter
Get notified of the best deals on our WordPress themes.