Reflected XSS in WordPress Plugin Admin Pages

The administrative dashboard in WordPress is a pretty safe place: only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has the permissions required to perform every action a vulnerability could cause.

While this is usually true, bad actors use a number of techniques to trick an administrator into performing actions they would not expect, such as Cross-Site Request Forgery (CSRF) or clickjacking attacks. By using these techniques, an attacker can exploit a vulnerability on behalf of an…

