WordPress plugin bug lets hackers create rogue admin accounts

[ad_1]

WordPress plugin bug lets hackers create rogue admin accounts

WordPress owners are advised to secure their websites by updating the Real-Time Find and Replace plugin to prevent attackers from injecting malicious code into their sites and creating rogue admin accounts by exploiting a Cross-Site Request Forgery flaw.

The security vulnerability is a Cross-Site Request Forgery (CSRF) that leads to Stored Cross-Site Scripting (Stored XSS) attacks and it impacts all Real-Time Find and Replace versions up to 3.9.

It can be abused to trick WordPress admins into injecting malicious JavaScript into their own websites’ pages after clicking a malicious link…

[ad_2]
More Info

About mblog.my

Check Also

Adding Images From Your Phone With Ease – WordPress.com News

Adding Images From Your Phone With Ease – WordPress.com News

[ad_1] We’re excited to share a new feature in the desktop editor and Jetpack mobile …