Geeks for your information News Privacy & Security News v
Hackers Exploit Unpatched Bug in Rich Reviews WordPress Plugin
Hackers Exploit Unpatched Bug in Rich Reviews WordPress Plugin
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
25 September 19, 18:54
Quote:Site administrators still using the Rich Reviews plugin for WordPress are easy targets as hackers are currently exploiting an unpatched vulnerability for malvertising campaigns.
Although the plugin was removed for security reasons from the WordPress repository more than six months ago, it is estimated that 16,000 websites still have it running.
 
The plugin is vulnerable to unauthenticated plugin option updates and attackers are leveraging it to deliver stored cross-site scripting (XSS) payloads. The JavaScript is triggered by both website visitors and authenticated administrators.
According to researchers from Defiant, there are two issues permitting the attack. One is a lack of access controls for changing the plugin's options, and the other is not sanitizing the values of the options.

Read more here: https://www.bleepingcomputer.com/news/se...ss-plugin/
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Mozilla Firefox Browser 151.0.1
Mozilla Firefox Br...harlan4096 — 08:57
AnyDesk 9.7.4 for Windows
Version 9.7.4 for ...harlan4096 — 08:55
Microsoft Defender Antivirus security in...
Stable channel upd...harlan4096 — 08:52
Brave 1.90.124 (Chromium 148.0.7778.179)
Release v1.90.124 ...harlan4096 — 08:49
Screenpresso 2.2.12
Screenpresso 2.2.1...harlan4096 — 08:42

[-]
Birthdays
Today's Birthdays
avatar (50)Mirzojap
avatar (36)idilysaju
Upcoming Birthdays
avatar (39)axuben
avatar (40)ihijudu
avatar (40)odukoromu
avatar (46)Joanna4589

[-]
Online Staff
There are no staff members currently online.

>