WordPress plugin bugs can let hackers take over almost 1M sites

Two high severity vulnerabilities found in the Page Builder WordPress plugin installed on more than 1,000,000 sites can let hackers create new admin accounts, plant backdoors, and ultimately take over the compromised websites.

The vulnerabilities are a Cross-Site Request Forgery (CSRF) leading to Reflected Cross-Site Scripting (XSS) attacks and they affect all Page Builder versions up to and including 2.10.15.

Attackers can exploit these security flaws by tricking WordPress site administrator into clicking specially crafted links or attachments and execute malicious code in…


More Info

About mblog.my

Check Also

Re-Creating The New York Times’ Website in Under 30 Minutes Using WordPress.com – WordPress.com News

Re-Creating The New York Times’ Website in Under 30 Minutes Using WordPress.com – WordPress.com News

Using WordPress blocks and the Site Editor to quickly build a lookalike of one of …