A vulnerability in the WordPress Advanced Custom Fields plugin was exploited within 24 hours of the company that reported it publishing a proof-of-concept (PoC) exploit, according to a recent blog post by Akamai. CVE-2023-30777, a high-severity vulnerability affecting the plugin, was identified by a researcher at Patchstack on May 2. Attackers have been using the exploit against the plugin to carry out cross-site scripting (XSS) attacks, introducing various forms of URL manipulation, script injection and redirects that can compromise a victim site. Advanced Custom Fields has more than two million active users across the globe.
The shrinking time between disclosure and exploitation highlights the need for prompt and rigorous patch management. The rate at which emerging and recently disclosed vulnerabilities are exploited remains high and is accelerating, according to Akamai. Publication of the vulnerability and its patch led to an increase in XSS activity: in a little over 48 hours, Akamai observed not only a significant amount of scanning activity against the vulnerability, but activity consistent with what has been seen around other zero-day vulnerabilities.
In the 48 hours following publication of the vulnerability, attackers used the sample code to scan for vulnerable websites that had not been patched or upgraded to the latest version. In the activity Akamai monitored, the threat actor was found to have copied and used the Patchstack sample code from the write-up, unchanged, against targets across all verticals. The breadth of the activity and the lack of effort to create new exploit code indicate an unsophisticated threat actor scanning opportunistically for vulnerable sites. This underlines the importance of patch management and of applying patches quickly.
Older unpatched vulnerabilities, some dating back to 2017, still provide easy access for attackers. Known vulnerabilities continue to be exploited successfully in a range of attacks because organizations fail to patch or remediate them, according to Tenable. State-sponsored threat actors have been using such known vulnerabilities to gain initial access to government organizations and to disrupt critical infrastructure. To mitigate risk, organizations should focus on preventive cybersecurity measures rather than reactive, post-incident measures, and should apply updates and patches regularly.
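The points above come down to one operational question: which installed plugins are still below the version that fixes a known issue? The following script is an added example, not code from Akamai, Patchstack or the Advanced Custom Fields project. It reads the `Version:` line from the header block WordPress stores in each plugin's main PHP file, compares it against a table of minimum safe versions, and reports anything outdated. The plugin file contents and the minimum-version table are constructed sample data; the version numbers in `MIN_SAFE_VERSIONS` are placeholders to be filled from the relevant vendor advisory.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample plugin files, keyed by "slug/main-file.php" as they would
# appear under wp-content/plugins/. The header block is the format WordPress
# itself parses to determine a plugin's name and version.
SAMPLE_PLUGIN_FILES: Dict[str, str] = {
    "advanced-custom-fields/acf.php": """<?php
/*
Plugin Name: Advanced Custom Fields
Version: 6.1.5
*/
""",
    "example-plugin/example.php": """<?php
/**
 * Plugin Name: Example Plugin
 * Version: 2.0.0
 */
""",
}

# Hypothetical baseline: the lowest version considered safe for each plugin slug.
# The values here are placeholders; take real values from the vendor advisory.
MIN_SAFE_VERSIONS: Dict[str, str] = {
    "advanced-custom-fields": "6.1.6",  # placeholder
    "example-plugin": "1.9.0",          # placeholder
}

# Matches "Version: X" at the start of a line, with or without a leading " * "
# from a docblock-style header.
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)


def parse_plugin_version(contents: str) -> Optional[str]:
    """Return the Version: header value from a plugin's main file, or None."""
    match = HEADER_RE.search(contents)
    return match.group(1) if match else None


def version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '6.1.6' (or '6.1.6-beta1') into a comparable tuple of integers."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def is_outdated(installed: str, minimum: str) -> bool:
    """True when the installed version is strictly below the minimum safe one."""
    a, b = version_tuple(installed), version_tuple(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so '6.2' compares as '6.2.0'
    b += (0,) * (width - len(b))
    return a < b


def audit_plugins(files: Dict[str, str], minimums: Dict[str, str]) -> Dict[str, dict]:
    """Compare each plugin's header version against the baseline table."""
    report: Dict[str, dict] = {}
    for path, contents in files.items():
        slug = path.split("/", 1)[0]
        installed = parse_plugin_version(contents)
        minimum = minimums.get(slug)
        if installed is None:
            status = "unknown-version"   # header missing or unreadable: inspect manually
        elif minimum is None:
            status = "no-baseline"       # nothing to compare against yet
        elif is_outdated(installed, minimum):
            status = "OUTDATED"          # below the fixed version: patch now
        else:
            status = "ok"
        report[slug] = {"installed": installed, "minimum": minimum, "status": status}
    return report


if __name__ == "__main__":
    for slug, row in audit_plugins(SAMPLE_PLUGIN_FILES, MIN_SAFE_VERSIONS).items():
        print(f"{slug:28} installed={row['installed']!s:8} "
              f"minimum={row['minimum']!s:8} {row['status']}")
```

On a real host you would build the `files` dictionary by reading each `wp-content/plugins/<slug>/<main>.php`, and maintain the baseline table from advisories as they are published; the numeric tuple comparison avoids the string-comparison trap where "6.10.0" sorts below "6.9.0".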
Hackers take advantage of WordPress vulnerability shortly after PoC exploit release