all InfoSec news
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
Malware Analysis, News and Indicators - Latest topics malware.news
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using plugin shortcodes, which will execute whenever a victim accesses the injected page. We found over 100 vulnerabilities across 100 plugins which affect over 6 million sites. You can find the complete chart of affected …
august cross-site find higher inject intelligence malicious permissions plugin plugins project repository research research project scripting scripts team threat threat actors threat intelligence vulnerabilities vulnerability web wordfence wordpress xss