Security Expert Re: XSS Vulnerability Impacts 100,000 WordPress Websites with KingComposer Plugin

A reflected cross-site scripting (XSS) vulnerability impacting 100,000 websites has been patched in the KingComposer WordPress plugin. The patched version of the plugin, version 2.9.5, was released on June 29. While approximately 62% of users have updated to version 2.9.5, around 38% of websites with KingComposer enabled are still at risk of exploitation.

Experts Comments

July 13, 2020
Tim Chiu
Vice President of Marketing
K2 Cyber Security
XSS vulnerabilities still plague us even though XSS was first found in the year 2000 -- we’re now in the 20th anniversary of its discovery. By 2007, XSS had become the most common exploit of web applications. Unfortunately, today XSS is still one of the most attacked vulnerabilities and ranks as one of the OWASP top 10 web application security risks. To prevent XSS attacks, developers should implement good coding practices when writing and creating a web application. But while that’s a great start to application security, there’s of course no guarantee that testing and good code writing will catch all the XSS vulnerabilities in the application code. Every organization still needs a layer of application security and protection for those undiscovered XSS vulnerabilities.