New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks | allinfosecnews.com

May 16, 2023, 4:57 p.m. | /u/aptconsulting

cybersecurity www.reddit.com

Advanced Custom Fields plugin for WordPress has discovered a security flaw that requires users to update to version 6.1.6.

The vulnerability (CVE-2023-30777) is a case of reflected cross-site scripting (XSS), allowing the injection of arbitrary executable scripts into benign websites. This could lead to privilege escalation on the WordPress site, enabling any unauthenticated user to steal sensitive information. The free and pro versions of the plugin both have over two million active installations.

The reflected XSS attack takes place when …

advanced advanced custom fields plugin case cross-site cve cyberattacks cybersecurity escalation flaw injection plugin popular privilege privilege escalation scripting scripts security update version vulnerability websites wordpress wordpress plugin xss

More from www.reddit.com / cybersecurity

Russian hackers attack Texas water facility 4 hours ago | www.reddit.com

Are We Ready for a Cyber Attack on Food and Farming? : Authorities are working … 7 hours ago | www.reddit.com

agriculture attack cyber cybersecurity +9

2x Actively Exploited Cisco CVEs in Adaptive Security Compliance (ASA) & Firepower Threat Defense (FTD) 8 hours ago | www.reddit.com

actively exploited adaptive security asa cisco +15

Sr. Analyst or Engineer Role? 9 hours ago | www.reddit.com

analyst ask cybersecurity engineer +8

Ring customers get $5.6 million in privacy breach settlement 10 hours ago | www.reddit.com

breach customers cybersecurity privacy +3

Nontechnical GRC 10 hours ago | www.reddit.com

auditor aware controls cybersecurity +8

How to land a Soc Analyst L1 job? 11 hours ago | www.reddit.com

advice analyst blue certifications +10

I attended Gulf Information Security Expo & Conference (GISEC) in Dubai. Why is Splunk the … 11 hours ago | www.reddit.com

analysis assessment companies conference +25

FTC bans non competes. F yeah. 13 hours ago | www.reddit.com

bans cybersecurity ftc non

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Audit and Compliance Technical Analyst

@ Accenture Federal Services | Washington, DC

View on infosec-jobs.com

ICS Cyber Threat Intelligence Analyst

@ STEMBoard | Arlington, Virginia, United States

View on infosec-jobs.com

Cyber Operations Analyst

@ Peraton | Arlington, VA, United States

View on infosec-jobs.com

Cybersecurity – Information System Security Officer (ISSO)

@ Boeing | USA - Annapolis Junction, MD

View on infosec-jobs.com

Network Security Engineer I - Weekday Afternoons

@ Deepwatch | Remote

View on infosec-jobs.com