The Latest in IT Security

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

06
May
2023
New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

image credit: unsplash

Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw.

The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites.

The plugin, which is available both as a free and pro version, has over two million active installations. The issue was discovered and reported to the maintainers on May 2, 2023.

Related posts:
  1. Why the Microsoft Exchange Server attack isn’t going away soon
  2. Insecure WordPress plugin exposes thousands of sites to takeover attacks
  3. Large-Scale Attack Targeting Tatsu Builder WordPress Plugin
  4. Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
  5. WordPress sites are being attacked with another major plugin hack

Read More

Tags:  
Written by Thehackernews
0 Comments
Comments are closed.

Categories

SUNDAY, FEBRUARY 23, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments