WordPress Plugin Bug Put 100K Sites at Risk

WordPress Plugin Bug Put 100K Sites at Risk

Author: ZoneWP

Date: April 29, 2020 

Category: Plugin development, SEO, Security, Tips and tricks, Tutorials, Webhosting

(advertorial)

wprssaggregator WordPress Plugin Bug Put 100K Sites at Risk

A high-severity cross-site request forgery (CSRF) vulnerability allegedly affects Real-Time Find and Replace plugin. More than 100,000 active sites use the WordPress plugin. The vulnerability could trigger cross-site scripting and malicious injections of JavaScript anywhere on the victim’s website.

The injection of malicious code may be used to build a new administrative user account, to steal session cookies, to redirect users to a malicious site, to obtain administrative access, or infect innocent visitors who browse a compromised site with a drive-by malware attack, according to Wordfence research released Monday.

Real-Time Find and Replace helps administrators to automatically update

This is the first part of the original article by ZoneWP.
Click here to read the full article in a new tab!

(advertorial)

toolset logo tag line white WordPress Plugin Bug Put 100K Sites at Risk

WordPress Plugin Bug Put 100K Sites at Risk

World of WordPress is hosted by:

Servebolt: next level high performance hosting.

While others try to add more components to their hosting to make it go faster, we decided to build our hosting cloud fast from the ground up. We did so by stripping out everything we knew was deadweight.