Advertisement
Top
image credit: Unsplash

Hackers Can Inject Code Into WordPress Sites via Flaw in Product Review Plugin

May 18, 2020

Via: Security Week
Category:

WP Product Review Lite is designed for creating product reviews on WordPress websites. It supports the creation of a top products review widget and also allows monetization through the addition of a “buy now” button in posts. The plugin has more than 40,000 installations.

Last week, the team of developers behind the plugin addressed an unauthenticated persistent Cross-Site Scripting (XSS) vulnerability that could have been exploited to inject code into all of a website’s product pages.

Read More on Security Week

RELATED PUBLICATIONS

North Korean Hackers Hijack Antivirus Updates for Malware Delivery
MITRE says it was hit by hackers exploiting Ivanti flaws
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage

Latest Publications

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million People
The Los Angeles County Department of Health Services disclosed a data breach
Sweden’s liquor supply severely impacted by ransomware attack on logistics company
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!