Hackers are currently exploiting an unpatched vulnerability in the Rich Reviews WordPress plugin for malvertising campaigns. Although the plugin was removed from the WordPress repository for security reasons more than six months ago, an estimated 16,000 websites still have it running. The attack relies on two issues: the plugin lacks access controls for changing its options, and it does not sanitize the option values.
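The two flaw classes named above, sketched for a hypothetical WordPress plugin: an options handler with neither check, beside a version that authorizes the caller and sanitizes each value. This is an added example, not Rich Reviews' code and not code from the original article; every `example_reviews_*` name, the option keys and the settings page slug are assumptions.

```php
<?php
// Added example for a hypothetical plugin; all example_reviews_* names are illustrative.

// BEFORE: both flaws in one handler.
function example_reviews_save_options_weak() {
    if ( isset( $_POST['example_reviews_options'] ) ) {
        // No capability check and no nonce: any request reaching this code can write.
        // No sanitization: markup in a value is stored as-is and later printed into pages.
        update_option( 'example_reviews_options', $_POST['example_reviews_options'] );
    }
}

// AFTER: authorize the caller, then rebuild the option from an allow-list of keys.
function example_reviews_save_options() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Dies unless the request carries the nonce issued with the settings form.
    check_admin_referer( 'example_reviews_save', 'example_reviews_nonce' );

    $raw = array();
    if ( isset( $_POST['example_reviews_options'] ) && is_array( $_POST['example_reviews_options'] ) ) {
        $raw = wp_unslash( $_POST['example_reviews_options'] );
    }

    $clean = array();
    if ( isset( $raw['form_title'] ) ) {
        // Strips tags and control characters; returns '' for non-scalar input.
        $clean['form_title'] = sanitize_text_field( $raw['form_title'] );
    }
    if ( isset( $raw['star_color'] ) && is_string( $raw['star_color'] )
        && preg_match( '/^#[0-9a-fA-F]{6}$/', $raw['star_color'] ) ) {
        $clean['star_color'] = $raw['star_color'];
    }
    $clean['require_approval'] = ! empty( $raw['require_approval'] );

    update_option( 'example_reviews_options', $clean );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-reviews' ) );
    exit;
}
// admin_post_{action} runs only for logged-in users; the capability check above still applies.
add_action( 'admin_post_example_reviews_save', 'example_reviews_save_options' );

// Output side: escape on render as well, so an already-poisoned value cannot execute.
function example_reviews_render_title() {
    $opts = get_option( 'example_reviews_options', array() );
    echo '<h3>' . esc_html( isset( $opts['form_title'] ) ? $opts['form_title'] : '' ) . '</h3>';
}
```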
An unpatched #security vulnerability in the Rich Reviews #WordPress plugin is putting an estimated 16,000 sites in danger of cross-site scripting attacks. (H/T @wordfence) https://t.co/CE264xeyyM
— Threatpost (@threatpost) September 25, 2019
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.