[SECURITY - NEWS] XSS Vulnerability Patched in SEOPress Affects 100,000 sites

Roger Marquez

Roger Marquez

Jr. Executive VIP
Joined
Apr 17, 2017
Messages
4,710
Reaction score
7,111
SOURCE:
www.wordfence.com

XSS Vulnerability Patched in SEOPress Affects 100,000 sites

On July 29, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in SEOPress, a WordPress plugin installed on over 100,000 sites. This flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable...
www.wordfence.com
 
Advertise on BHW
only works if you allow registrations on the site. the attacker at least needs a valid user account (subscriber level is the minimum).
so if you have a blog without allowing registrations it can't be exploited.
Laplace said:
There will not be serious problems, but it is still useful to update.
Click to expand...
well if you allow users to register then it could be harmful. someone could hijack all traffic, or push malware etc. as javascript can be injected and you can do a lot of things with js.
in combination with other bugs it could even lead to full compromise of the site/server.
 
Advertise on BHW
You must log in or register to reply here.
Sign up now!

Main Menu

Home Main Forum List Black Hat SEO White Hat SEO BHW Newbie Guide Blogging Black Hat Tools Social Networking Downloads

Marketplace

Content / Copywriting Hosting Images, Logos & Videos Proxies For Sale SEO - Link building SEO - Packages Social Media Social Media - Panels Web Design Misc

Making Money

Affiliate Programs Hire a Freelancer Making Money Pay Per Click Site Flipping

BlackHatWorld

BHW Merch Forum Suggestions & Feedback Introductions Lounge Dispute Resolution

Other

Domain Name Forum IM Journeys Web Hosting Newsletter
Back
Top