Two vulnerabilities have been found in the WordPress plugin “Orbit Fox by ThemeIsle”, which is used by more than 400,000 sites. One made it possible for attackers with contributor-level access or above to escalate their privileges to those of an administrator and potentially take over a WordPress site.
Experts Comments
With more than 30 percent of the web currently powered by WordPress, it remains an attractive target for attackers. These two vulnerabilities in the Orbit Fox plugin —a cross-site scripting flaw and a privilege-escalation bug with a CVSS bug-severity score of 9.9— together could allow attackers the ability to inject malicious JavaScript code into exposed websites with the goal of taking over control of them. Attackers can then plant malware, steal data and hijack users to nefarious sites. Such techniques have been used to launch Magecart attacks against thousands of e-commerce sites resulting in the theft of millions of credit card numbers.
Ameet Naik, Security Evangelist, provides expert commentary at Information Security Buzz.