Security Expert Re: XSS Vulnerability Impacts 100,000 WordPress Websites with KingComposer Plugin

A reflected cross-site scripting (XSS) vulnerability impacting 100,000 websites has been patched in the KingComposer WordPress plugin. A patched version of the plugin, version 2.9.5, was released on June 29. While approximately 62% of users have updated to version 2.9.5, around 38% of websites with KingComposer enabled are still at risk of exploitation.
Tim Chiu, Vice President of Marketing
InfoSec Expert
July 13, 2020 9:43 am

XSS vulnerabilities still plague us even though XSS was first found in the year 2000 — we’re now in the 20th anniversary of its discovery. By 2007, XSS had become the most common exploit of web applications. Unfortunately, today XSS is still one of the most attacked vulnerabilities and ranks as one of the OWASP top 10 web application security risks.

To prevent XSS attacks, developers should implement good coding practices when writing and creating a web application. But while that’s a great start to application security, there’s of course no guarantee that testing and good code writing will catch all the XSS vulnerabilities in the application code. Every organization still needs a layer of application security and protection for those undiscovered XSS vulnerabilities.
