WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover – Threatpost

[ad_1]

wordpress plugin page builder security bug

Severe CSRF to XSS bugs open the door to code execution and complete website compromise.

Page Builder by SiteOrigin, a WordPress plugin with a million active installs that’s used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover.

According to researchers at WordPress, both security bugs can lead to cross-site request forgery (CSRF) and reflected cross-site scripting (XSS). They “allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser,” according to Wordfence…

[ad_2]
More Info

About mblog.my

Check Also

Adding Images From Your Phone With Ease – WordPress.com News

Adding Images From Your Phone With Ease – WordPress.com News

[ad_1] We’re excited to share a new feature in the desktop editor and Jetpack mobile …