Hackers Are Targeting Millions of WordPress-Based Websites Through Known Vulnerabilities

Hackers are currently exploiting vulnerabilities in three very popular WordPress plugins, including WP Meta SEO, WP Statistics and LiteSpeed Cache, according to security researchers.

As one of the most popular web content platforms in the world, WordPress is always in the crosshairs, especially through plugins. Like any software, plugins can have vulnerabilities, and most of the time, especially for the important ones, developers are quick to fix security problems.

Unfortunately, having a fix available for a vulnerability is not the same as deploying that fix. Website owners sometimes delay installing the latest fixes, which is exactly what hackers look for when searching for victims.

Security researchers from Fastly discovered that three high severity vulnerabilities, CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000, are currently targeted in a concentrated attack. All of these vulnerabilities are very new but already have patches available that fix the issues,

“These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due to inadequate input sanitization and output escaping, making it possible for attackers to inject malicious scripts,” researchers explained.

“The attack payloads we are observing targeting these vulnerabilities inject a script tag that points to an obfuscated JavaScript file hosted on an external domain.”

The script’s role is straightforward: help attackers create new administrator accounts, inject backdoors into websites, and help criminals monitor infected websites.

The WP Statistics plugin (version 14.5 and earlier), the WP Meta SEO plugin (version 4.5.12 and earlier) and LiteSpeed Cache plugin (version 5.7.0.1 and earlier) are affected. The websites using these plugins number in the millions, and a large portion implement vulnerable older versions.

Web admins are advised to upgrade all plugins to the latest versions and delete any folders that older iterations of the plugins might have created. Of course, an audit of user rights and other similar issues is also advisable, along with inspecting all files to look for injected code