Date: May 14, 2020
Page Builder by SiteOrigin, a WordPress plugin with over one million active installs that uses a drag-and-drop feature to build websites, has two flaws that can allow the complete takeover of a site.
Both security bugs could lead to cross-site request forgery (CSRF) and reflected cross-site scripting (XSS), according to researchers at WordPress. They “allow attackers to forge requests on behalf of a site administrator, and execute malicious code in the administrator’s browser,” according to researchers from Wordfence, in a post.
All vulnerabilities are rated 8.8 out of 10.
Within the Bugs
If exploited, both bugs used to redirect the administrator