The message's RAR attachment contains an executable file: the malware itself. Stolen data is exfiltrated via SMTP.
At least 13 WordPress plugins are vulnerable to XSS attacks. Italian CERT-PA: several easily usable PoCs have also been released. Update your sites now!
At least 13 WordPress plugins are vulnerable to cross-site scripting (XSS) attacks. Cyber security researchers discovered the flaws and raised the alarm. The affected plugins are: Prismatic version 2.3, Popup-Builder version 3.61.1, Ultimate-Member 2.1.3, Jetpack 8.2, Forminator 1.11.2 (also vulnerable to remote file upload), Events-Manager 184.108.40.206, Default-Featured-Image 1.6.1, Yikes Inc Easy Mailchimp Extender 6.6.2, WPForms-Lite 220.127.116.11, Wordfence 7.4.6, WooCommerce 3.9.2, TinyMCE-Advanced 5.3.0 and Really-Simple-SSL 3.2.9. The cyber security experts of the Italian CERT-PA also warn that several easily usable proofs of concept (PoCs) have been released. Consequently, anyone with a site hosted on the blogging platform is advised to update it promptly.
Cyber security experts: WordPress and its users have long been in the sights of cybercrime and XSS attacks
Cyber security experts point out that WordPress has long been targeted by cybercrime with XSS attacks. A flaw of this type lets an attacker send harmful output to a victim when that person visits a website. This can happen in two ways. In the first, the attacker gets the site to store malicious data, which is then displayed when a victim visits it (stored XSS). In the second, the attacker creates a link that presents the malicious code to the user when that URL is visited on the website (reflected XSS). By exploiting the holes in the plugins, it is possible to “arm” the victims' sites and use them in various ways, including redirecting visitors to other dangerous pages that contain malware droppers or are fraudulent in nature.
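The stored and reflected cases described above, as an added example that is not part of the original article or any plugin's code: plain PHP (the language WordPress plugins are written in) showing the unescaped output pattern next to output encoding. The sample inputs are constructed and harmless, and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed, harmless sample inputs. Both are attacker-controlled.
// Stored XSS: the value was saved earlier and is shown to every visitor.
$stored_comment = '<script>alert("stored")</script>';
// Reflected XSS: the value arrives in the URL the victim is lured to open.
$request_query = ['s' => '"><script>alert("reflected")</script>'];

// Vulnerable pattern: untrusted values are concatenated into the page as-is.
function render_vulnerable(string $comment, array $query): string
{
    $search = $query['s'] ?? '';
    return '<p class="comment">' . $comment . "</p>\n"
         . '<input type="text" name="s" value="' . $search . '">';
}

// Encode for HTML text and attribute contexts at output time.
// Inside a WordPress plugin, esc_html() and esc_attr() fill this role.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: same page, every untrusted value encoded before output.
function render_hardened(string $comment, array $query): string
{
    $search = $query['s'] ?? '';
    if (!is_string($search)) {
        $search = ''; // a parameter sent as s[]=... arrives as an array
    }
    return '<p class="comment">' . h($comment) . "</p>\n"
         . '<input type="text" name="s" value="' . h($search) . '">';
}

// Report whether markup from the input survived into the page.
function contains_live_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$pages = [
    'vulnerable' => render_vulnerable($stored_comment, $request_query),
    'hardened'   => render_hardened($stored_comment, $request_query),
];
foreach ($pages as $name => $html) {
    printf("%-10s live <script> in output: %s\n", $name, contains_live_script($html) ? 'yes' : 'no');
}
```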