Hackers are currently exploiting an unpatched vulnerability in the Rich Reviews WordPress plugin for malvertising campaigns. Although the plugin was removed for security reasons from the WordPress repository more than six months ago, it is estimated that 16,000 websites still have it running. The two issues allowing the attack are a lack of access controls for changing the plugin’s options and not sanitizing the values of the options.
An unpatched #security vulnerability in the Rich Reviews #WordPress plugin is putting an estimated 16,000 sites in danger of cross-site scripting attacks. (H/T @wordfence) https://t.co/CE264xeyyM
— Threatpost (@threatpost) September 25, 2019
Experts Comments
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Amir Shaked, VP, R&D, provides expert commentary at @Information Security Buzz.
"Website owners need to remain vigilant to both the server-side and the client-side threats inherent in WordPress...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/hackers-exploit-unpatched-bug-in-rich-reviews-wordpress-plugin-perimeterx-comments
Facebook Message
@Amir Shaked, VP, R&D, provides expert commentary at @Information Security Buzz.
"Website owners need to remain vigilant to both the server-side and the client-side threats inherent in WordPress...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/hackers-exploit-unpatched-bug-in-rich-reviews-wordpress-plugin-perimeterx-comments