Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).
An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting (XSS) attacks.
Sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver malware payloads; and according to Wordfence, attacks are already happening in the wild.
Top 5 Security News
Microsoft rushes out fix for Internet Explorer zero-day
Magecart Group Continues Targeting E-Commerce Sites
iOS 13 Bug Lets 3rd-Party Keyboards Gain ‘Full Access’ — Even When You Deny