The specific vulnerability, tracked as CVE-2023-30777, exists because of improper sanitization of output in a function configured as an extra handler for a WordPress hook. It allows attackers to inject malicious scripts and other payloads into vulnerable websites, and the injected code is executed when guests visit those websites. The issue can be triggered even in default plugin installations and does not require authentication for successful exploitation. The vulnerability was addressed with the release of ACF version 6.1.6 on May 4, and the patch was included in version 5.12.6 of the plugin as well, but exploitation attempts targeting it were already in full swing by May 6.
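To make the "improper sanitization of output in a hook handler" class of bug concrete, the following is an added example written for this article; it is hypothetical plugin code, not ACF's code, and it does not reproduce the CVE-2023-30777 payload. It assumes a WordPress runtime (the `wp_footer` hook and the `wp_unslash`, `sanitize_text_field`, `esc_attr` and `esc_html` helpers are real WordPress functions; the `example_*` function names and the `ref` parameter are invented). The first handler reflects a request parameter into the page unescaped; the second sanitizes on input and escapes on output for each HTML context the value lands in.

```php
<?php
/*
 * Added example (hypothetical plugin, not ACF's code): a function registered as
 * an extra handler for the wp_footer hook that reflects a request parameter
 * into front-end page output, which every guest visitor receives.
 */

// VULNERABLE pattern: untrusted request data is written into the page as-is.
// Whatever a crafted link puts in ?ref= is rendered as markup for the visitor.
function example_footer_vulnerable() {
    $ref = isset( $_GET['ref'] ) ? $_GET['ref'] : '';
    echo '<div id="example-ref" data-ref="' . $ref . '">' . $ref . '</div>';
}

// HARDENED pattern: sanitize on input, then escape on output per context.
function example_footer_hardened() {
    $ref = '';
    if ( isset( $_GET['ref'] ) ) {
        // wp_unslash() undoes WordPress's added slashes; sanitize_text_field()
        // strips tags and control characters but does NOT make the value safe
        // for an attribute (quotes survive), so escaping is still required.
        $ref = sanitize_text_field( wp_unslash( $_GET['ref'] ) );
    }
    if ( '' === $ref ) {
        return;
    }
    // esc_attr() for the attribute value, esc_html() for the element text:
    // the escaping function is chosen by where the value ends up, not by the
    // source of the value.
    printf(
        '<div id="example-ref" data-ref="%s">%s</div>',
        esc_attr( $ref ),
        esc_html( $ref )
    );
}

// Only the hardened handler is attached; the vulnerable one is shown for contrast.
add_action( 'wp_footer', 'example_footer_hardened' );
```

The useful check when reviewing a plugin's hook handlers is the one the hardened version makes explicit: every value that originates in `$_GET`, `$_POST`, `$_REQUEST` or `$_SERVER` must pass through an `esc_*` function matching its output context immediately before it is echoed or passed to `printf`, regardless of any sanitization applied earlier.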
The threat actors behind these attacks are not sophisticated, according to Akamai. It appears that they made no effort to create new exploit code, relying only on the PoC that was already in the public domain. Because more than two million WordPress websites use the ACF plugin, exploitation of CVE-2023-30777 is likely to continue. Users are strongly advised to update their installations as soon as possible.
WordPress plugins and themes are the primary attack surface of the platform, and the security of these plugins, including prompt patching of any vulnerabilities discovered, is critical. However, users still need to be proactive about their own security responsibilities: updating software regularly, following cyber hygiene practices such as strong passwords and backups, and applying other security measures such as firewalls and risk assessments. Companies must introduce proactive security measures like network segmentation, employee awareness training, and patch management protocols.
The implications of this attack are enormous, considering the widespread adoption of the ACF plugin. The security of any plugin or theme depends largely on its developer, but developers and WordPress website administrators must work together to ensure prompt patching and adherence to security best practices. In summary, WordPress should continually emphasize security for plugins, provide education and technical resources for developers, and clearly flag when a plugin is no longer maintained or updated, as abandoned plugins accumulate unpatched vulnerabilities. Ultimately, companies must adopt a security culture and prioritize the security of their data, systems, and customers to eliminate vulnerabilities that can lead to hacking and data breaches.