900,000 WordPress Sites Face ‘XSS Attacks’

By Veritis

900,000 WordPress Sites Face 'XSS Attacks'

Here is a cybersecurity alert!

The latest update informed that nearly ‘1 million WordPress accounts’ are under the compromise risk, at the scripting level.

The attack is reportedly happening through the ‘site redirect’ move initiated by intruders after hacking the XSS code.

In its statement on April 28, 2020, the WordFence Threat Intelligence Team informed that the number of XSS threats had increased 30 times the normal rate.

Based on the proof that the same payload is used for all attacks, the team confirmed that there is only a single threat actor behind these incidents.

Supposedly the malicious JavaScript, this payload redirects the users and takes over the site’s admin panel to insert a threat in the site’s theme header.

“Attackers can use XSS vulnerabilities to gain privileged access to a website and plant malicious JavaScript code that can steal user data, spread malware, or hijack users to nefarious sites. Such techniques have been used to launch Magecart attacks against thousands of e-commerce sites resulting in the theft of millions of credit card numbers,” says an expert in XSS security.

As experts say, XSS attacks can cause severe issues by way of redirect.

The team further confirmed that the threat actors might have initiated small-scale attacks before April 28, 2020, before initiating 20 million attacks on more than 50,000 individual sites on May 03, 2020, alone.

WordPress plugins have been observed as the prime targets and have suffered the most in these attacks.

Most of these were inactive or discontinued or unpatched WordPress plugins still under use by site administrators.

“Over the course of the past month in total, we’ve detected over 24,000 distinct IP addresses sending requests matching these attacks to over 900,000 sites,” the WordFence adds.

XSS in Easy2Map, a plugin with only 3,000 installs, was the primary target in 50 percent of the recent attacks.

Another primary target was the ‘update vulnerability’ option in the plugin Total Donations plugin, which was already removed from the Envato Marketplace in early 2019.