A CSRF bug in Real-Time Find and Replace, a WordPress plugin, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site. A successful exploit of the bug would require a site's administrator to click on a malicious link in a comment or email. The malicious code injection could be used to create a new administrative user account, steal session cookies, redirect users to a malicious site, obtain administrative access or infect innocent visitors browsing a compromised site.
Source: https://threatpost.com/wordpress-plugin-bug-100k-websites-compromise/155230/
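The root cause of a CSRF-to-XSS bug of this kind is a plugin settings handler that stores whatever arrives in a POST without checking that the request came from its own admin form. The sketch below is an added illustration in PHP, not the plugin's own code: the hook, option and field names are hypothetical, and it shows the weak handler beside a hardened one that uses WordPress's own capability check and nonce verification (`current_user_can()`, `check_admin_referer()`, `wp_nonce_field()`).

```php
<?php
// Added illustration, not the plugin's code. Hook names, option names and
// form field names (demo_*) are hypothetical.

// WEAK: trusts any POST that reaches admin-post.php. If a logged-in admin's
// browser submits this form from an attacker-controlled page, the submitted
// replacement text is stored and later rendered into every page of the site.
function demo_save_rules_weak() {
    $rules = isset($_POST['demo_rules']) ? wp_unslash($_POST['demo_rules']) : array();
    update_option('demo_find_replace_rules', $rules);
    wp_safe_redirect(admin_url('options-general.php?page=demo-rules'));
    exit;
}

// HARDENED: require the manage_options capability and a valid nonce bound to
// this action. check_admin_referer() stops the request with a 403 when the
// nonce is missing or forged, so a cross-site form never reaches update_option().
function demo_save_rules_hardened() {
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions', 403);
    }
    check_admin_referer('demo_save_rules', 'demo_rules_nonce');

    $raw = (isset($_POST['demo_rules']) && is_array($_POST['demo_rules']))
        ? wp_unslash($_POST['demo_rules'])
        : array();
    $rules = array();
    foreach ($raw as $rule) {
        $rules[] = array(
            'find'    => sanitize_text_field($rule['find'] ?? ''),
            // Replacement text is stored raw by design: the feature's purpose is
            // to edit rendered output, which is why the CSRF check is the control.
            'replace' => (string) ($rule['replace'] ?? ''),
        );
    }
    update_option('demo_find_replace_rules', $rules);
    wp_safe_redirect(admin_url('options-general.php?page=demo-rules'));
    exit;
}
add_action('admin_post_demo_save_rules', 'demo_save_rules_hardened');

// The settings page must emit the matching nonce field for the check to pass.
function demo_render_form() {
    echo '<form method="post" action="' . esc_url(admin_url('admin-post.php')) . '">';
    echo '<input type="hidden" name="action" value="demo_save_rules">';
    wp_nonce_field('demo_save_rules', 'demo_rules_nonce');
    // ... rule inputs named demo_rules[0][find] / demo_rules[0][replace] ...
    submit_button('Save rules');
    echo '</form>';
}
```

A quick audit check for any plugin is to grep its POST handlers for `check_admin_referer`, `wp_verify_nonce` or `check_ajax_referer`; a handler that writes options or content without one of these is the pattern described above.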

