WP-Members Plugin Expose WordPress Sites To Injection Attacks | allinfosecnews.com

April 3, 2024, 12:57 p.m. | Guru Baran

Cyber Security News cybersecuritynews.com

A security researcher reported a critical vulnerability in the WP-Members Membership Plugin that allows attackers to inject malicious scripts and potentially take over websites. Administrators could take advantage of the unauthenticated stored XSS flaw that was present in the X-Forwarded header. To protect their users, researchers were rewarded for their responsible disclosure. On March 7th, […]

The post WP-Members Plugin Expose WordPress Sites To Injection Attacks appeared first on Cyber Security News.

administrators attackers attacks critical critical vulnerability disclosure expose flaw header inject injection injection attacks malicious malicious scripts plugin protect researcher researchers responsible responsible disclosure scripts security security researcher stored xss unauthenticated vulnerability vulnerability patching websites wordpress wordpress security wordpress sites wp-members xss xss flaw

More from cybersecuritynews.com / Cyber Security News

ELLIO and ntop partnership to boost high-speed network traffic monitoring with real-time data on opportunistic … 1 day, 19 hours ago | cybersecuritynews.com

applications attacks botnets commercial +17

Windows-based AllaKore Malware Abuses Azure Cloud for C2 Infrastructure 1 day, 20 hours ago | cybersecuritynews.com

accounts azure azure cloud bank +27

Hackers Impersonating As Fake Toll Payment Processor Across The U.S. 1 day, 20 hours ago | cybersecuritynews.com

cyber security cybersecurity e-zpass e-zpass fraud +21

Hackers Compromised 600,000 SOHO Routers Within 72 Hours For Botnet 1 day, 20 hours ago | cybersecuritynews.com

72 hours attack attacks botnet +26

Telegram Know For Secure Messaging, Now Became A Tool For Cybercriminals 1 day, 22 hours ago | cybersecuritynews.com

abuse creators cybercriminals cyber security +12

Microsoft Observed Huge-Surge In Attacks Targeting Internet-Exposed OT Devices In WWS 2 days, 1 hour ago | cybersecuritynews.com

attacks cyberattacks cyberav3ngers cyber security +24

RedTail Cryptominer Exploiting Palo Alto Networks Firewall Zero-day Flaw 2 days, 6 hours ago | cybersecuritynews.com

alto arbitrary code attackers code +33

BBC Data Breach: Hackers Access Cloud-Based Storage Service 2 days, 6 hours ago | cybersecuritynews.com

access bbc breach cloud +25

New Meterpreter Backdoor Hides Malicious Codes Within the Image 2 days, 20 hours ago | cybersecuritynews.com

any.run backdoor code conceal +13

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com