Get in Touch

Please get in touch using the form below.

PoC released for WordPress plugin vulnerability

Home / Threat Intelligence bulletins / PoC released for WordPress plugin vulnerability

Target Industry

Indiscriminate, opportunistic targeting.

Overview

A Proof-of-Concept (PoC) code has been released in relation to a WordPress (WP) Advanced Custom Fields plugin vulnerability. Tracked as CVE-2023-30777 (CVSSv3 Score 7.1; Severity Level – High), a flaw pertains to reflected cross-site scripting (XSS).

Patchstack released the PoC on 5th May 2023. The next day, active exploitation of the vulnerability was detected via the utilisation of the PoC code.

Impact

Successful exploitation of CVE-2023-30777 allows threat actors to harvest data and engage in privilege escalation on affected WordPress sites.

Affected Products

WP Engine Advanced Custom Fields Pro and WP Engine Advanced Custom Fields plugins version 6.1.5.

Containment, Mitigations & Remediations

WordPress site administrators using the affected plugins are strongly recommended to apply the ‘Advanced Custom Fields’ free and pro plugins version 5.12.6 update as soon as possible, to prevent exploitation.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Recent reporting has indicated that over 1 million websites using the impacted WordPress plugin

to the latest version, thus providing threat actors with a relatively large attack surface.

WordPress has a significant portion of the website market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to spend their time on, vulnerable WordPress websites can emerge as prime targets. Due to the fact that WordPress websites are associated with widespread usage across the online domain, threat actors will continue to exploit vulnerabilities contained within vulnerable websites in an attempt to extract the sensitive information contained therein.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Common Weakness Enumeration(CWE):

CWE-79 – Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Further Information

Patchstack Advisory

Intelligence Terminology Yardstick