A new high severity WordPress vulnerability has been found in a Facebook chat plugin, which has been installed on over 80,000 WordPress websites. If exploited, attackers would be able to obtain “authorized” access to the chat plugin and be able to communicate with site visitors to carry out social engineering attacks in an effort to retrieve sensitive information.

Experts Comments

August 07, 2020
Josh Smith
Security Analyst
Nuspire
What makes this particular vulnerability so severe is the attacker’s ability to assume the role of the victim. Through social engineering and creating a “legitimate” story with the brand they assume, the attacker can create all kinds of themes to exploit a user by asking for personal information. As long as an attacker has a method to spin a story, social engineering attacks are always a threat. As such, we will continue to see attempts to directly attack the human element that cause.....Read More
What makes this particular vulnerability so severe is the attacker’s ability to assume the role of the victim. Through social engineering and creating a “legitimate” story with the brand they assume, the attacker can create all kinds of themes to exploit a user by asking for personal information. As long as an attacker has a method to spin a story, social engineering attacks are always a threat. As such, we will continue to see attempts to directly attack the human element that cause damage for the brand, not just the victim. When vulnerabilities are publicly announced, it is a race between administrators and attackers. This exploitation stresses the need to monitor vulnerabilities in relation to one’s tech stack and applications. If you don’t know it’s vulnerable, you can’t patch it. Potential targets should utilize a Web Application Firewall to help prevent exploits while also staying aware of vulnerabilities when they are released in order to proactively protect themselves.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.