XSS vulnerability in popular WordPress plugin SEOPress could enable complete site takeover

Security issue in CMS add-on has been patched

A cross-site scripting (XSS) vulnerability in a popular WordPress plugin could allow an attacker to completely take over a website, researchers have warned.

The flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site, which would execute anytime a user accessed the ‘All Posts’ page.

The vulnerable plugin, SEOPress, is installed on more than 100,000 websites.

Researcher Chloe Chamberland, threat analyst at Wordfence, explained the security issue in a blog post.

Insecure…


More Info

About mblog.my

Check Also

The WordPress Community Comes Together in Taipei – WordPress.com News

The WordPress Community Comes Together in Taipei – WordPress.com News

Taking a look at WordPress.com’s presence at WordCamp Asia 2024 in Taipei, Taiwan. This year’s …

Leave a Reply

Your email address will not be published. Required fields are marked *