Active exploitation of stored XSS vulnerabilities in WordPress Plugins

· Published 31/05/2024 12:23 · Modified 31/05/2024 12:36

Essential information

Tags
2024-05-31 CVE-2023-40000 CVE-2023-6961 CVE-2024-2194 wordpress xss
Related entities
3 vulnerabilities (cve), 28 observables, 14 techniques (mitre)

Description

Recent months have witnessed active exploitation attempts targeting multiple cross-site scripting (XSS) vulnerabilities in popular WordPress plugins. The attacks involve injecting malicious scripts that create new admin accounts, install backdoors, and implement tracking mechanisms. The affected plugins include WP Statistics, WP Meta SEO, and LiteSpeed Cache, with exploitation observed from IP addresses linked to entities like IP Volume Inc. and Telkom Internet LTD, primarily concentrated in the Netherlands.

External references