all InfoSec news
“Never Assume Anything” – Unauthenticated Stored Cross-Site Scripting Vulnerability Exposed in 14 Email Logging Plugins
Malware Analysis, News and Indicators - Latest topics malware.news
“Never Assume Anything” – that is the 4th Guiding Principle written in the Security section of the WordPress Common APIs Handbook for developers. When it comes to WordPress plugin security, assumptions can be dangerous. This became evident when the Wordfence Threat Intelligence team discovered an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 14 different email logging plugins. The common thread? An assumption that the contents of emails generated within a WordPress instance could not be influenced by external actors. This …
apis cross-site developers email exposed handbook intelligence logging plugin plugins scripting security team threat threat intelligence vulnerability wordfence wordpress wordpress plugin wordpress plugin security written