Technical Details
The vulnerability, which was disclosed in November 2023, allows attackers to inject malicious scripts into websites using the plugin. The malicious code then infects visitors’ browsers, potentially stealing sensitive information or further compromising other websites by launching additional attacks.
Impact
Over 3,300 websites have been affected by this malware campaign, which continues to spread rapidly due to the plugin's popularity. Website owners are being urged to update their plugins to the latest versions and implement additional security measures to prevent exploitation.
Significance
This attack illustrates the ongoing threat posed by vulnerabilities in widely-used software plugins and the importance of regular updates and patch management to prevent such vulnerabilities from being exploited.
Labels:
News
