Active exploitation of stored XSS vulnerabilities in WordPress Plugins

May 31, 2024, 12:36 p.m.

Description

Recent months have witnessed active exploitation attempts targeting multiple cross-site scripting (XSS) vulnerabilities in popular WordPress plugins. The attacks involve injecting malicious scripts that create new admin accounts, install backdoors, and implement tracking mechanisms. The affected plugins include WP Statistics, WP Meta SEO, and LiteSpeed Cache, with exploitation observed from IP addresses linked to entities like IP Volume Inc. and Telkom Internet LTD, primarily concentrated in the Netherlands.

Date

Published: May 31, 2024, 12:23 p.m.
Created: May 31, 2024, 12:23 p.m.
Modified: May 31, 2024, 12:36 p.m.

Indicators

admim@mystiqueapi.com

Attack Patterns

T1064

T1505

T1082

T1057

T1496

T1083

T1055

T1098

T1140

T1027

T1056

T1584

T1078

T1059

CVE-2023-6961

CVE-2023-40000

CVE-2024-2194