WordPress Plugin Bug Opens 100K Websites to Compromise
2020-04-28 15:08

A high-severity cross-site request forgery vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site.

In April, a pair of security vulnerabilities were found in the WordPress search engine optimization plugin known as Rank Math.

In March, a critical vulnerability in a WordPress plugin known as "ThemeREX Addons" was found that could open the door for remote code execution in 44,000 websites.

Two vulnerabilities - including a high-severity flaw - were patched in a popular WordPress plugin called Popup Builder.

In February, popular WordPress plugin Duplicator, which has more than 1 million active installations, was discovered to have an unauthenticated arbitrary file download vulnerability that was being attacked.


News URL

https://threatpost.com/wordpress-plugin-bug-100k-websites-compromise/155230/

Related vendor

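Vulnerability counts are for the last 12 months.

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Wordpress | 7 | 2 | 95 | 44 | 18 | 159 |
| Plugin | 2 | 0 | 13 | 1 | 0 | 14 |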