Expert Comments

Hackers Exploit Unpatched Bug In Rich Reviews WordPress Plugin – Comments

Expert(s): Security Experts
Expert(s): Security Experts

Hackers are currently exploiting an unpatched vulnerability in the Rich Reviews WordPress plugin for malvertising campaigns. Although the plugin was removed for security reasons from the WordPress repository more than six months ago, it is estimated that 16,000 websites still have it running. The two issues allowing the attack are a lack of access controls for changing the plugin’s options and not sanitizing the values of the options.

Experts Comments

September 26, 2019
Amir Shaked
VP, R&D
PerimeterX
WordPress is among the world’s most hacked content management systems. This fact is well known. What is sometimes less well known is that server-side threats like cross-site scripting (XSS) result in client-side code vulnerabilities. Traditional server-side protections do not address client-side vulnerabilities. This is because websites are assembled using code from third-party libraries and partners, and the related user traffic is handled directly by the third-party domains, making it.....Read More
WordPress is among the world’s most hacked content management systems. This fact is well known. What is sometimes less well known is that server-side threats like cross-site scripting (XSS) result in client-side code vulnerabilities. Traditional server-side protections do not address client-side vulnerabilities. This is because websites are assembled using code from third-party libraries and partners, and the related user traffic is handled directly by the third-party domains, making it difficult for website owners to get visibility into potentially malicious code changes. In fact, a recent survey we ran found that only 11% of website decision makers believe they have complete insight into the third-party scripts on their website, yet industry estimates state that up to 70% of code on a website is third-party. Website owners need to remain vigilant to both the server-side and the client-side threats inherent in WordPress.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Planned Parenthood LA breached, Experts Weigh In

Data Security Comment: Colorado Energy Company Loses 25 Years Of...

Colorado Energy Company DMEA Loses 25 Years Of Data After...

Governemnt Data Breach Of New Years Honours Recipients

New Malvertising Campaign Spreads Backdoors, Malicious Chrome Extensions

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Data Hacked For 400,000 LA Patients

IKEA Suffering Ongoing “Reply-Chain” Email Attack

Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication...

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts