WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover – Threatpost

Severe CSRF to XSS bugs open the door to code execution and complete website compromise.

Page Builder by SiteOrigin, a WordPress plugin with a million active installs that’s used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover.

According to researchers at WordPress, both security bugs can lead to cross-site request forgery (CSRF) and reflected cross-site scripting (XSS). They “allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser,” according to Wordfence…


More Info

About mblog.my

Check Also

10 Things to Consider When Building a WordPress Blog

The advent of WordPress has revolutionized the way people build websites. Whether you’re an amateur …