Skip to content

This security flaw could affect up to 1.5 million WordPress sites, so patch now

Wordpress brand logo on computer screen. Man typing on the keyboard.

Experts have warned that hackers are using an Unauthenticated Stored Cross-Site Scripting (XSS) flaw in a WordPress plugin to target thousands of websites.

The flaw was discovered by Defiant cybersecurity researchers in Beautiful Cookie Consent Banner, a WP cookie consent plugin with over 40,000 active installations. The vulnerability could be exploited by attackers to insert malicious JavaScripts into compromised websites, which would then be executed in visitors’ browsers.