Hackers have been exploiting a critical security vulnerability in a popular WordPress plugin, putting thousands of websites at risk, according to cybersecurity experts. The flaw, known as an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability, was discovered by researchers from Defiant in the Beautiful Cookie Consent Banner plugin, which boasts over 40,000 active installations. By leveraging this vulnerability, attackers can inject malicious JavaScript code into compromised websites, potentially compromising the security and integrity of the sites.
XSS attacks can have severe consequences, ranging from the theft of sensitive data and sessions to complete takeover of vulnerable websites. In this particular case, threat actors could exploit the flaw to create admin accounts, granting them full control over the targeted websites. The implications of such an attack could be detrimental to the affected organizations and their users.
