Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

 

An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting (XSS) attacks.

Sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver malware payloads; and according to Wordfence, attacks are already happening in the wild.

Read more

 

Top 5 Security News

Microsoft rushes out fix for Internet Explorer zero-day

Magecart Group Continues Targeting E-Commerce Sites

iOS 13 Bug Lets 3rd-Party Keyboards Gain ‘Full Access’ — Even When You Deny

Why You Need to Think About API Security

HTTP/3: the past, the present, and the future