Two critical vulnerabilities in popular
Wordpress plugin Page Builder by SiteOrigin were found by the Wordfence Threat
Intelligence team. The vulnerabilities are Cross-Site Request Forgery (CSRF)
leading to the Reflected Cross-Site Scripting (XSS). Both flaws allow cybercriminals
to execute malicious code in admin’s browser.
The first one was found in the plugin’s live
editor and another one in the action_builder_content function.
Patch was released May 05 and more than 60%
of users already have updated the plugin version. If you did not do it yet,
please update your Page Builder plugin as soon as possible.
No comments:
Post a Comment