Following a security issue, users of the Advanced Custom Fields WordPress plugins are being recommended to update to version 6.1.6.
The security flaw, known as CVE-2023-30777 is reflected in cross-site scripting (XSS). Moreover, it may be exploited to insert arbitrary executable programmes into otherwise secure web pages.
There are more than two million active installs of the plugin, which is offered in both a free and a pro edition. On May 2, 2023, the problem was identified and reported to the maintainers.
Vulnerable WordPress Plugins
According to a cybersecurity website researcher, this vulnerability allows any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress hosted site by tricking a privileged user to visit the crafted URL path.
In reflected XSS attacks, targets are tricked into clicking on fake links supplied via email or another channel. Then it sends the malicious code to the susceptible website and reflects the attack to the user’s browser.
Due to aspect of social engineering, reflected XSS attacks don’t have the same reach and scope as stored XSS attacks. Furthermore, the threat actors spread the malicious link to as many victims as they can.
According to a security service website, A reflected XSS attack is caused by incoming requests that were not sufficiently sanitized. This enables the manipulation of a web application‘s functions and the activation of malicious scripts.
The CVE-2023-30777 can be enabled on an Advanced Custom Fields installation or configuration that is set up by default. It is important to note, however, that only logged-in users with access to the plugin can do this.
Hackers might use the two medium-severity XSS weaknesses (CVE-2023-30177 and CVE-2023-31144) that Craft CMS fixed to serve malicious payloads.
It also comes after the publication of another XSS weakness in cPanel CVE-2023-29489, CVSS score: 6.1. This may be used to run arbitrary JavaScript without any authentication.
Another security researcher stated that an attacker can not only attack the management ports of cPanel but also the applications that are running on ports 80 and 443, adding that it might allow an adversary to hijack a legitimate user’s cPanel session.
It is often simple to upload a web shell and obtain command execution once operating on behalf of a cPanel authorised user.