Critical WordPress Plugin Flaw Allows Site Takeover
2021-02-08 21:11

Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws.

Researchers discovered two cross-site request forgery (CSRF) flaws - one critical and one high-severity - in the plugin.

CSRF is a class of web vulnerability in which a page controlled by an attacker causes a victim's browser to send a state-changing request to a site where the victim is already logged in; because the browser attaches the victim's session cookie automatically, the site carries out the unauthorized command as if the victim had issued it.
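To make the mechanism concrete, here is an added example (not code from the article or from the NextGen Gallery plugin) that models a state-changing endpoint twice: once trusting the session cookie alone, and once requiring a per-session anti-CSRF token that only pages served by the site itself can embed. In WordPress plugins that token role is played by nonces checked with wp_verify_nonce; the model below is framework-free Python, and the names (Session, Request, change_email_*, browser_post) and the in-memory session store are all hypothetical.

```python
"""Toy model of a state-changing endpoint with and without CSRF protection.
Added example, not the plugin's or the article's code; every name here is
hypothetical and the session store is a constructed in-memory dict."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    # Per-session anti-CSRF token. Only HTML rendered by this site can embed it;
    # a third-party page cannot read it because of the same-origin policy.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    cookies: dict
    form: dict


# Constructed in-memory session store: cookie value -> Session
SESSIONS: dict = {}


def login(user: str) -> str:
    """Create a session and return the cookie value the browser will store."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = Session(user)
    return sid


def change_email_vulnerable(req: Request):
    """Trusts the session cookie alone. The browser attaches that cookie to a
    form POST whether the form came from this site or from any other page the
    victim visits, so a forged request is accepted."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return 401, "not logged in"
    return 200, f"{sess.user}: email set to {req.form.get('email', '')}"


def change_email_hardened(req: Request):
    """Additionally requires the per-session token in the form body and compares
    it in constant time. A forged POST from another origin lacks the token."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return 401, "not logged in"
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, sess.csrf_token):
        return 403, "csrf token missing or invalid"
    return 200, f"{sess.user}: email set to {req.form.get('email', '')}"


def browser_post(sid: str, form: dict, handler):
    """Models the browser: the site's cookie is added to the POST regardless of
    which origin served the form (the classic, pre-SameSite default)."""
    return handler(Request(cookies={"sid": sid}, form=form))


def demo() -> dict:
    """Run the three scenarios and return the HTTP status each one produces."""
    sid = login("alice")
    token = SESSIONS[sid].csrf_token
    # Form served by some other site: it knows the URL and field names, but it
    # cannot read the token out of the victim's session.
    forged = {"email": "changed-by-third-party@example.invalid"}
    # Form rendered by the site itself carries the token as a hidden field.
    legit = {"email": "alice@example.invalid", "csrf_token": token}
    return {
        "vulnerable_forged": browser_post(sid, forged, change_email_vulnerable)[0],
        "hardened_forged": browser_post(sid, forged, change_email_hardened)[0],
        "hardened_legit": browser_post(sid, legit, change_email_hardened)[0],
    }


if __name__ == "__main__":
    print(demo())  # {'vulnerable_forged': 200, 'hardened_forged': 403, 'hardened_legit': 200}
```

The token check is the same idea as a WordPress nonce: the secret is bound to the session rather than to the cookie the browser sends on its own, so authentication alone no longer proves the user intended the request. Setting the session cookie with SameSite=Lax or Strict is a complementary browser-side layer, but the server-side token remains the check a plugin author controls directly.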

"If you know a friend or colleague who is using this plugin on their site, we highly recommend forwarding this advisory to them to help keep their sites protected as these are critical and high severity vulnerabilities that can lead to full site takeover," said researchers.

The flaws are only the latest to plague a WordPress plugin.

In January, two flaws in a WordPress plugin called Orbit Fox were found that could allow attackers to inject malicious code into vulnerable websites, or take control of a website.


News URL

https://threatpost.com/critical-wordpress-plugin-flaw-site-takeover/163734/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157
Plugin 2 0 13 1 0 14