Persistent XSS flaws patched in multiple WordPress plugins

Persistent XSS flaws patched in multiple WordPress plugins

Earlier this week, WordPress administrators were urged to update to the popular All-in-One SEO plugin to address a persistent cross-site scripting vulnerability. But other widely used plugins also need updating.

The plugin model for WordPress is simultaneously the platform’s greatest asset and biggest vulnerability. Administrators can happily search the rich ecosystem of plugins and find all manner of advanced features and functionality to enhance their WordPress sites. Once downloaded, these plugins are easy to install. However, the plugins are frequently poorly coded or not regularly updated, exposing WordPress sites to potential Web attacks. WordPress itself is a pretty stable platform, but WordPress sites are frequently compromised because the attackers uncover a vulnerability in one of the plugins.

To read this article in full or to leave a comment, please click here

Source: Security


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.