Security News > 2020 > April > WordPress Plugin Bug Opens 100K Websites to Compromise

WordPress Plugin Bug Opens 100K Websites to Compromise
2020-04-28 15:08

A high-severity cross-site request forgery vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site.

In April a pair of security vulnerabilities in the WordPress search engine optimization plugin known as Rank Math, were found.

In March, a critical vulnerability in a WordPress plugin known as "ThemeREX Addons" was found that could open the door for remote code execution in 44,000 websites.

Two vulnerabilities - including a high-severity flaw - were patched in a popular WordPress plugin called Popup Builder.

In February, popular WordPress plugin Duplicator, which has more than 1 million active installations, was discovered to have an unauthenticated arbitrary file download vulnerability that was being attacked.


News URL

https://threatpost.com/wordpress-plugin-bug-100k-websites-compromise/155230/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157
Plugin 2 0 13 1 0 14