Skip to content

This security flaw could affect up to 1.5 million WordPress sites, so patch now

Experts have warned that hackers are using an Unauthenticated Stored Cross-Site Scripting (XSS) flaw in a WordPress plugin to target thousands of websites.

The flaw was discovered by Defiant cybersecurity researchers in Beautiful Cookie Consent Banner, a WP cookie consent plugin with over 40,000 active installations. The vulnerability could be exploited by attackers to insert malicious JavaScripts into compromised websites, which would then be executed in visitors’ browsers.