• Another major WordPress plugin vulnerability puts thousands of si

    From TechnologyDaily@1337:1/100 to All on Thu Nov 18 11:15:04 2021
    Another major WordPress plugin vulnerability puts thousands of sites at risk

    Date:
    Thu, 18 Nov 2021 11:03:07 +0000

    Description:
    The vulnerability could facilitate complete site takeovers, warn researchers.

    FULL STORY ======================================================================

    Cybersecurity researchers have helped patch a security flaw in a popular WordPress plugin, which could be exploited by attackers to take over a website.

    Discovered by WordPress security experts Wordfence, the vulnerability exists in the Preview E-mails for WooCommerce plugin, which, as its name suggests, is an extension for WooCommerce, a popular plugin for quickly and easily rolling out an online store within an existing WordPress website.

    The Preview E-mails for WooCommerce plugin gives site owners the ability to preview emails before they are sent to customers via WooCommerce, and boasts an installation base of over 20,000 websites.

    Unchecked input

    According to Wordfence's threat analyst Chloe Chamberland, attackers could exploit the flaw to inject malicious JavaScript into a page that would execute if the attacker successfully tricked a site's administrator into performing an action like clicking on a link.

    Explaining how the vulnerability works, tracked as CVE-2021-42363, she says that it existed because a key component of the affected plugin didn't sanitize the input, giving attackers the opportunity to inject malicious code.

    "This meant that if an attacker could successfully convince a site administrator to click on a link, they could get malicious JavaScript to execute in that administrator's browser. This script could be crafted to inject a new administrative user or even modify a plugin or theme file to include a backdoor which in turn would grant the attacker the ability to completely take over the site," explains Chamberland.

    Wordfence brought the flaw, technically known as a reflected cross-site scripting (XSS) vulnerability, to the attention of the plugin's developer, who released a patch to address it in just over a week.

    ======================================================================
    Link to news story: https://www.techradar.com/news/another-wordpress-plugin-vulnerability-puts-thousands-of-sites-at-risk/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)