Monday 18 May 2020

Vulnerability in WordPress Product Review Lite can lead to takeover.



The WP Product Review Lite plugin allows users to create custom review articles using pre-defined templates. This plugin is currently installed on over 40,000 WordPress sites.
The vulnerability was discovered by researchers at Sucuri Labs: “During a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 40,000+ users of the WP Product Review plugin.”
According to Sucuri, attackers can bypass a WordPress function to exploit the Stored XSS (Cross-Site Scripting) issue and inject malicious scripts into all products stored in the database.
Once a website admin accesses a compromised product, attackers will redirect the admin to a malicious site or steal the admin's session cookies, which will allow the cybercriminals to be authenticated as an admin.
Although Sucuri Labs said that they didn't see any attacks exploiting this flaw, experts recommended that site administrators update their plugin as soon as possible.
