Cybercriminals have been spotted abusing a known, high-severity vulnerability in a popular WordPress plugin, just a day after a proof-of-concept (PoC) exploit was published.Cybersecurity researchers from PatchStack discovered a cross-site script (XSS) vulnerability in Advanced Custom Fields, a popular plugin for the WordPress website builder (opens in new tab), with more than two million active installs. The flaw, tracked as CVE-2023-30777, allowed threat actors to steal sensitive data from visitors and, in some cases, take over the website, entirely.Fast-moving crooksPatchStack
…
Read more