Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites.
WP Product Review Lite helps site owners to quickly create custom review articles using pre-defined templates.
The plugin comes with support for including affiliate links, rich snippets, review widgets, as well as for buy buttons for additional monetization streams.
Persistent XSS leading to site takeover
The WP Product Review Lite bug found by the Sucuri Labs research team can be remotely…