Following reports from Bleeping Computer, a 300, 000 active installation of dangerous bug has been found in Google’s official WordPress plugin. Attributed to the disclosure of the proxySetupURL within the HTML source code of admin pages, this enables hackers to have owner access to the site’s Google Search Console. Not only that, but “the verification request used to verify a site’s ownership was a registered admin action” fails to have any capability checks. Thus, such requests can come from any authenticated WordPress user.
Experts Comments
Dot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
Linkedin Message
@Martin Jartelius, CSO , provides expert commentary for "dot your expert comments" at @Information Security Buzz.
" It should be patched at the soonest possible...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-commentary-google-wordpress-plugin-bug-can-be-exploited-for-black-hat-seo
Facebook Message
@Martin Jartelius, CSO , provides expert commentary for "dot your expert comments" at @Information Security Buzz.
" It should be patched at the soonest possible...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-commentary-google-wordpress-plugin-bug-can-be-exploited-for-black-hat-seo