Bugs Threaten 1 Million Sites with Full Takeover in WordPress Page Builder Plugin

Author: ZoneWP

Date: May 14, 2020 

Category: Plugin development, SEO, Security, Tips and tricks, Tutorials, Webhosting

Page Builder by SiteOrigin, a WordPress plugin with over one million active installs that uses a drag-and-drop feature to build websites, has two flaws that can allow the complete takeover of the site.

Both security bugs could lead to cross-site request forgery (CSRF) and reflected cross-site scripting (XSS), according to researchers at WordPress. They “allow attackers to forge requests on behalf of a site administrator, and execute malicious code in the administrator’s browser,” researchers from Wordfence wrote in a post.

Both vulnerabilities are rated 8.8 out of 10.

Within the Bugs

If exploited, both bugs used to redirect the administrator

This is the first part of the original article by ZoneWP.