all InfoSec news
New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
May 16, 2023, 4:57 p.m. | /u/aptconsulting
cybersecurity www.reddit.com
The vulnerability (CVE-2023-30777) is a case of reflected cross-site scripting (XSS), allowing the injection of arbitrary executable scripts into benign websites. This could lead to privilege escalation on the WordPress site, enabling any unauthenticated user to steal sensitive information. The free and pro versions of the plugin both have over two million active installations.
The reflected XSS attack takes place when …
advanced advanced custom fields plugin case cross-site cve cyberattacks cybersecurity escalation flaw injection plugin popular privilege privilege escalation scripting scripts security update version vulnerability websites wordpress wordpress plugin xss
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Security Audit and Compliance Technical Analyst
@ Accenture Federal Services | Washington, DC
ICS Cyber Threat Intelligence Analyst
@ STEMBoard | Arlington, Virginia, United States
Cyber Operations Analyst
@ Peraton | Arlington, VA, United States
Cybersecurity – Information System Security Officer (ISSO)
@ Boeing | USA - Annapolis Junction, MD
Network Security Engineer I - Weekday Afternoons
@ Deepwatch | Remote