WordPress admin? Thinking of spending time with the family? Think again

  • 20 July 2016


P0wnage party pops plugins, providing plenty of party-pooping projects

20 Jul 2016, Richard Chirgwin

The Dutch hacking community's Summer of Pwnage (SoP) has disclosed three vulnerabilities in WordPress plugins, including an XSS in the popular Ninja Forms.
 
Since Ninja Forms claims more than 600,000 users, we'll start there: the now-fixed reflected XSS bug allows attackers to inject malicious JavaScript into the victim's application.
 
That's because the plugin “insufficiently performs CSRF validation (ajaxreferer and nonce) and fails to perform output encoding according to context at any point where user-supplied input is copied into application responses”, SoP says. The fix is here.
 
Full Article
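
One way a WordPress AJAX handler can apply the two controls named in the SoP quote above, nonce validation and output encoding by context. This is an added example, not Ninja Forms code or its fix; the action name `example_preview_field`, the nonce action `example_preview`, the script file `preview.js` and the `label` parameter are hypothetical.

```php
<?php
/**
 * Added example: hypothetical plugin AJAX handler, not Ninja Forms code.
 * 'example_preview_field', 'example_preview', 'preview.js' and 'label'
 * are made-up names used only for illustration.
 */

// The page that renders the form hands a fresh nonce to the front-end script.
add_action( 'wp_enqueue_scripts', function () {
    wp_register_script( 'example-preview', plugins_url( 'preview.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-preview', 'examplePreview', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_preview' ),
    ) );
    wp_enqueue_script( 'example-preview' );
} );

// Only the logged-in hook is registered; there is no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_example_preview_field', 'example_preview_field' );

function example_preview_field() {
    // 1. CSRF: checks the nonce sent as 'nonce'; on failure the request
    //    is terminated with a 403 before any input is touched.
    check_ajax_referer( 'example_preview', 'nonce' );

    // 2. Authorisation: a valid nonce is not a permission check.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input: undo WordPress slashing, then strip tags and control characters.
    $label = isset( $_POST['label'] ) ? sanitize_text_field( wp_unslash( $_POST['label'] ) ) : '';

    // 4. Output: the same value is encoded differently for each context.
    // HTML attribute and HTML body:
    printf( '<label for="%s">%s</label>', esc_attr( 'field-' . sanitize_key( $label ) ), esc_html( $label ) );
    // HTML attribute:
    printf( '<input type="text" placeholder="%s">', esc_attr( $label ) );
    // JavaScript literal inside a script element: JSON with <, >, &, ' and "
    // hex-escaped so the value cannot close the element or the string.
    printf(
        '<script>var previewLabel = %s;</script>',
        wp_json_encode( $label, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT )
    );

    wp_die(); // End the AJAX response cleanly.
}
```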
