Critical WordPress plugin bug allows for automated takeovers

Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites.

WP Product Review Lite helps site owners to quickly create custom review articles using pre-defined templates.

The plugin comes with support for including affiliate links, rich snippets, review widgets, as well as for buy buttons for additional monetization streams.

Persistent XSS leading to site takeover

The WP Product Review Lite bug found by the Sucuri Labs research team can be remotely…

More Info


Check Also

First Look at Twenty Twenty-One, WordPress’s Upcoming Default Theme – WordPress Tavern

Fashion is ephemeral. Art is eternal. Indeed what is a fashion really? A fashion is …