Up to 1.5 million WordPress sites could be hit by this security flaw – so patch up now

Hackers are reportedly using an Unauthenticated Stored Cross-Site Scripting (XSS) flaw in a WordPress plugin to target thousands of websites, experts have warned.

Cybersecurity researchers from Defiant discovered the flaw in Beautiful Cookie Consent Banner, a WP cookie consent plugin with more than 40,000 active installations. The attackers could use the vulnerability to add malicious JavaScripts into the compromised websites, which would then be executed in the visitors’ browsers. 

Source: www.techradar.com