via wptavern.com => original post link
On May 5, Patchstack published a security advisory about a high severity reflected cross-site scripting (XSS) vulnerability in ACF (Advanced Custom Fields), potentially affecting more than 4.5 million users. WP Engine patched the vulnerability on May 4, but the Akamai Security Intelligence Group (SIG) is reporting that attackers began attempting to exploit it within 24 hours of Patchstack’s publication.
“Once exploit vector details are publicly released, scanning and exploitation attempts rapidly increase,” Akamai Principal Security Researcher Ryan Barnett said. “It is common for security researchers, hobbyists, and companies searching for their risk profile to examine new vulnerabilities upon release. However, the volume is increasing, and the amount of time between release and said growth is drastically decreasing. The Akamai SIG analyzed XSS attack data and identified attacks starting within 24 hours of the exploit PoC being made public.
“What is particularly interesting about this is the query itself: The threat actor copied and used the Patchstack sample code from the write-up.“