
WordPress Field Builder Plugin Vulnerability: Patch Not Enough as Attacks Continue

Vulnerabilities in WordPress plugins have become an increasing cause for concern, as malicious actors keep targeting widely deployed software, leading to numerous data breaches. Recently, Akamai reported that attackers are using public proof-of-concept (PoC) exploit code against a vulnerability in the Advanced Custom Fields (ACF) WordPress plugin. Because the plugin is so widely installed, any vulnerability in it can have large-scale effects. According to Akamai, attackers began using the code targeting a cross-site scripting (XSS) vulnerability in the plugin only two days after a patch was released. Notably, the threat actor behind the attacks reused, unchanged, the same PoC exploit that Patchstack had published when identifying the vulnerability.

The specific vulnerability, tracked as CVE-2023-30777, exists because a function registered as an extra handler for a WordPress hook fails to properly sanitize its output. The vulnerability allows attackers to inject malicious scripts and other payloads into vulnerable websites, and the injected code executes when visitors load the affected pages. The issue can be triggered even in default plugin installations and does not require authentication for successful exploitation. The vulnerability was addressed with the release of ACF version 6.1.6 on May 4, and the fix was also included in version 5.12.6 of the plugin, yet exploitation attempts targeting it were already in full swing by May 6.
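As an added illustration, not ACF's code and not a reconstruction of CVE-2023-30777, the hypothetical plugin snippet below shows the bug class the paragraph describes (a hook handler that writes request-derived data into the page unescaped) beside its hardened form; the hook name and the `demo_msg` parameter are assumptions.

```php
<?php
/*
 * Illustrative snippet (added here, not from the ACF plugin): the same
 * handler written the vulnerable way and the hardened way.
 */

// Vulnerable pattern: the handler reflects a query parameter straight into
// the HTML stream. Because 'wp_footer' runs on public pages, no login is
// needed to reach it, which matches the unauthenticated reflected-XSS class.
function demo_vulnerable_footer_message() {
	if ( ! isset( $_GET['demo_msg'] ) ) {
		return;
	}
	// BUG: untrusted input is echoed without escaping.
	echo '<div class="demo-msg">' . $_GET['demo_msg'] . '</div>';
}
// add_action( 'wp_footer', 'demo_vulnerable_footer_message' );

// Hardened pattern: unslash and sanitize on the way in, escape on the way
// out for the exact context (esc_html for element text, esc_attr for
// attribute values). The value can then only ever render as text.
function demo_hardened_footer_message() {
	if ( ! isset( $_GET['demo_msg'] ) ) {
		return;
	}
	$msg = sanitize_text_field( wp_unslash( $_GET['demo_msg'] ) );
	if ( '' === $msg ) {
		return;
	}
	echo '<div class="demo-msg" data-msg="' . esc_attr( $msg ) . '">'
		. esc_html( $msg )
		. '</div>';
}
add_action( 'wp_footer', 'demo_hardened_footer_message' );
```

The defensive rule the hardened version follows is the standard WordPress one: sanitize input early, escape output late, and pick the escaping function by output context rather than relying on a single generic filter.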

The threat actors behind these attacks are not sophisticated, according to Akamai. They appear to have made no effort to write new exploit code, relying solely on the PoC that was already public. Because more than two million WordPress websites use the ACF plugin, exploitation of CVE-2023-30777 is likely to continue. Users are strongly advised to update their installations as soon as possible.

WordPress plugins and themes are the platform's primary attack surface, so plugin security, including prompt patching of any vulnerabilities discovered, is critical. However, users still need to be proactive about their own security responsibilities: updating software regularly, following cyber hygiene practices such as strong passwords and backups, and deploying other measures such as firewalls and risk assessments. Companies must introduce proactive security measures like network segmentation, employee awareness training, and patch management protocols.

The implication of this attack is enormous, considering the widespread adoption of the ACF plugin. The security of any plugin or theme depends largely on the developer, but developers and WordPress website administrators must work together to ensure prompt patching and adherence to best security practices. In summary, WordPress should continually emphasize security for plugins, provide education and technical resources for developers, and clearly note when a plugin is no longer maintained or updated, as this can lead to increased vulnerabilities. Ultimately, companies must adopt a security culture and prioritize ensuring the security of their data, systems, and customers to eliminate vulnerabilities that can lead to hacking and data breaches.



<< photo by Tima Miroshnichenko >>
