Get a Pentest and security assessment of your IT network.

Cyber Security

WordPress plugin bug lets hackers create rogue admin accounts

The Real-Time Find and Replace plugin allows users to temporarily replace text and code content on their sites in real-time without having to go into the sites’ source code. The vulnerability is a Cross-Site Request Forgery (CSRF) that leads to Stored Cross-site Scripting (Stored XSS) attacks. It can be abused to trick WordPress admins into injecting malicious JavaScript into their own websites’ pages after clicking a malicious link. The malicious code could then be used to inject a new administrative user account, steal session cookies, or redirect users to a malicious site.

Source: https://www.bleepingcomputer.com/news/security/wordpress-plugin-bug-lets-hackers-create-rogue-admin-accounts/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation