Geeks for your information News Privacy & Security News v
Hackers Exploit Unpatched Bug in Rich Reviews WordPress Plugin
Hackers Exploit Unpatched Bug in Rich Reviews WordPress Plugin
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
25 September 19, 18:54
Quote:Site administrators still using the Rich Reviews plugin for WordPress are easy targets as hackers are currently exploiting an unpatched vulnerability for malvertising campaigns.
Although the plugin was removed for security reasons from the WordPress repository more than six months ago, it is estimated that 16,000 websites still have it running.
 
The plugin is vulnerable to unauthenticated plugin option updates and attackers are leveraging it to deliver stored cross-site scripting (XSS) payloads. The JavaScript is triggered by both website visitors and authenticated administrators.
According to researchers from Defiant, there are two issues permitting the attack. One is a lack of access controls for changing the plugin's options, and the other is not sanitizing the values of the options.

Read more here: https://www.bleepingcomputer.com/news/se...ss-plugin/
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Free Download Manager 6.33.1.6648
Changes in 6.33.1....harlan4096 — 08:33
Brave 1.87.190 (Chromium 145.0.7632.109)
Release v1.87.190 ...harlan4096 — 08:32
LibreOffice 25.8.5
Berlin, 19 Februar...harlan4096 — 08:30
Google Chrome 145.0.7632.109/110
Google Chrome 145....harlan4096 — 08:29
Internet Download Manager 6.32 Build 9
Internet Download ...Kool — 00:41

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (46)dimaWeami
avatar (38)Michaelaburi
avatar (46)dpascoal
avatar (44)Baihu

[-]
Online Staff
There are no staff members currently online.

>