WordPress plugin bug lets hackers create rogue admin accounts

WordPress owners are advised to secure their websites by updating the Real-Time Find and Replace plugin to prevent attackers from injecting malicious code into their sites and creating rogue admin accounts by exploiting a Cross-Site Request Forgery flaw.

The security vulnerability is a Cross-Site Request Forgery (CSRF) flaw that leads to Stored Cross-Site Scripting (Stored XSS) attacks, and it impacts all Real-Time Find and Replace versions up to 3.9.

It can be abused to trick WordPress admins into injecting malicious JavaScript into their own websites’ pages after clicking a malicious link…

