XSS Flaw Exposes Wordpress Beautiful Cookie Consent Banner plugin to attack campaign
Take action: Check your WordPress site and look at the version of your Cookie Consent Banner (we do hope you have one). If you are using Beautiful Cookie Consent Banner plugin, time to click that update...
Learn More
A patch has been released in the latest version of the Beautiful Cookie Consent Banner plugin due to the discovery of serious cross-site scripting (XSS) flaw.
Researchers from Wordfence application firewall for WordPress have identified a cross-site scripting vulnerability in the plugin, which, if exploited, could allow attackers to create malicious redirects and add unauthorized admin accounts. Furthermore the vulnerability caught the adversaries’ attention. A malicious campaign exploiting the flaw was detected via Wordfence firewall blocked which around 3 million attacks against 1.5 million sites since May 2023 attempting an exploit of the Beautiful Cookie Consent Banner plugin vulnerability.
The vulnerability specifically affects versions 2.10.1 and earlier of the plugin. It's caused by inadequate input sanitization and output escaping, enabling the injection of malicious scripts onto targeted web pages.
To prevent potential harm to visitor security and website credibility, it is crucial for WordPress administrators to promptly update their sites with the patched plugin version 2.10.2 or the latest release, version 2.13.0, which includes bug fixes and security enhancements.
