image credit: Unsplash

Hackers Can Inject Code Into WordPress Sites via Flaw in Product Review Plugin

May 18, 2020

WP Product Review Lite is designed for creating product reviews on WordPress websites. It supports the creation of a top products review widget and also allows monetization through the addition of a “buy now” button in posts. The plugin has more than 40,000 installations.

Last week, the team of developers behind the plugin addressed an unauthenticated persistent Cross-Site Scripting (XSS) vulnerability that could have been exploited to inject code into all of a website’s product pages.

Read More on Security Week