XSS vulnerability in popular WordPress plugin SEOPress could enable complete site takeover

Security issue in CMS add-on has been patched

A cross-site scripting (XSS) vulnerability in a popular WordPress plugin could allow an attacker to completely take over a website, researchers have warned.

The flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site, which would execute anytime a user accessed the ‘All Posts’ page.

The vulnerable plugin, SEOPress, is installed on more than 100,000 websites.

Researcher Chloe Chamberland, threat analyst at Wordfence, explained the security issue in a blog post.


More Info

About mblog.my

Check Also

WordPress SEO Agency: How To Choose The Right SEO Agency

What if we told you that it’s possible for your WordPress website to show up …

Leave a Reply

Your email address will not be published. Required fields are marked *