The Akamai Security Intelligence Group (SIG) analyzed attack attempt activity following the announcement of a critical vulnerability in a popular WordPress custom fields plug-in that affects more than 2 million sites.
This vulnerability could be exploited through a reflected cross-site scripting (XSS) attack, in which malicious script carried in a crafted request to the victim site is reflected back in its response and executes in the browsers of the site's visitors.
On May 4, 2023, WP Engine announced the security fix in version 6.1.6, including sample exploit code as a proof of concept (PoC). Attackers moved quickly: the SIG observed significant attack attempt activity just two days after the announcement.
Attackers were scanning for vulnerable sites using the sample code provided in the technical write-up, which highlights the need for prompt patch management.
The recommended action is to upgrade ‘Advanced Custom Fields’ free and pro plugins to version 5.12.6 (backported) and 6.1.6.
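A practical follow-up to that recommendation is an inventory check that reads the installed plugin's version and compares it against the two fixed releases named above. The script below is an added example written for this article, not code from Akamai, WP Engine or the plugin; it assumes the plugin's main file carries a standard WordPress `Version:` header line (the `acf.php` file name and the sample header are assumptions, constructed for the example).

```python
import re
from typing import Optional, Tuple

# Fixed versions named in the advisory: 5.12.6 on the backported 5.x branch, 6.1.6 on 6.x.
FIXED_5X = (5, 12, 6)
FIXED_6X = (6, 1, 6)

# Matches a WordPress plugin header line such as "Version: 6.1.5" (optionally inside a /* */ block).
_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE | re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.1.5' into (6, 1, 5); a trailing suffix such as '-beta' is dropped,
    and short versions like '5.13' are padded to three components."""
    core = re.match(r"[0-9]+(?:\.[0-9]+)*", text.strip())
    if not core:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in core.group(0).split("."))
    return parts + (0,) * (3 - len(parts))


def is_patched(version: str) -> bool:
    """True when the installed version is at or above the fix for its release branch.
    Anything older than the 5.x branch has no fixed release and is reported unpatched."""
    v = parse_version(version)
    if v[0] == 5:
        return v >= FIXED_5X
    if v[0] >= 6:
        return v >= FIXED_6X
    return False


def version_from_plugin_header(header: str) -> Optional[str]:
    """Extract the Version: value from a plugin's main PHP file header, or None if absent."""
    m = _VERSION_RE.search(header)
    return m.group(1) if m else None


def check_plugin_file(path: str) -> bool:
    """Read a plugin's main file (e.g. wp-content/plugins/advanced-custom-fields/acf.php,
    an assumed path) and report whether it is patched."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        version = version_from_plugin_header(fh.read(8192))
    if version is None:
        raise ValueError(f"no Version: header found in {path}")
    return is_patched(version)


# Constructed sample header standing in for a real plugin file; not taken from the plugin.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Advanced Custom Fields
Version: 6.1.5
*/
"""

if __name__ == "__main__":
    found = version_from_plugin_header(SAMPLE_HEADER)
    print(f"sample header version {found}: {'patched' if is_patched(found) else 'UPGRADE REQUIRED'}")
```

The branch-aware comparison matters because a plain "greater than 6.1.6" test would wrongly flag a correctly backported 5.12.6 install as vulnerable.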
Bijay Pokharel