[ad_1]
Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace.
A high-severity cross-site request forgery (CSRF) vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site.
According to research from Wordfence released on Monday, the malicious code injection could be used to create a new administrative user account, steal session cookies, redirect users to a…
More Info
