XSS vulnerability in popular WordPress plugin SEOPress could enable complete site takeover

Security issue in CMS add-on has been patched

A cross-site scripting (XSS) vulnerability in a popular WordPress plugin could allow an attacker to completely take over a website, researchers have warned.

The flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site, which would execute anytime a user accessed the ‘All Posts’ page.

The vulnerable plugin, SEOPress, is installed on more than 100,000 websites.

Researcher Chloe Chamberland, threat analyst at Wordfence, explained the security issue in a blog post.


More Info

About mblog.my

Check Also

How To Add An Author Box In WordPress?

Share Tweet Share Share Email Do you have …

Leave a Reply

Your email address will not be published. Required fields are marked *