WordPress Plugin Bug Opens 100K Websites to Compromise – Threatpost

Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace.

A high-severity cross-site request forgery (CSRF) vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site.

According to research from Wordfence released on Monday, the malicious code injection could be used to create a new administrative user account, steal session cookies, redirect users to a…


More Info

About mblog.my

Check Also

First Look at Twenty Twenty-One, WordPress’s Upcoming Default Theme – WordPress Tavern

Fashion is ephemeral. Art is eternal. Indeed what is a fashion really? A fashion is …