WordPress Plugin Bug Opens 100K Websites to Compromise – Threatpost

[ad_1]

Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace.

A high-severity cross-site request forgery (CSRF) vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site.

According to research from Wordfence released on Monday, the malicious code injection could be used to create a new administrative user account, steal session cookies, redirect users to a…

[ad_2]
More Info

About mblog.my

Check Also

Adding Images From Your Phone With Ease – WordPress.com News

Adding Images From Your Phone With Ease – WordPress.com News

[ad_1] We’re excited to share a new feature in the desktop editor and Jetpack mobile …