all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting

Add to bookmarks
Dec. 12, 2023, 5:20 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using plugin shortcodes, which will execute whenever a victim accesses the injected page. We found over 100 vulnerabilities across 100 plugins which affect over 6 million sites. You can find the complete chart of affected …

august cross-site find higher inject intelligence malicious permissions plugin plugins project repository research research project scripting scripts team threat threat actors threat intelligence vulnerabilities vulnerability web wordfence wordpress xss

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Custom TensorFlow Lite model implementation in Android 2 hours ago | malware.news
android article blog custom +9
ISC Stormcast For Friday, May 17th, 2024 https://isc.sans.edu/podcastdetail/8986, (Fri, May 17th) 5 hours ago | malware.news
topic
Unpacking XDR: Coverage, stitching, accregation — and the GenAI wildcard 6 hours ago | malware.news
article genai link media +7
The enterprise browser: The first win-win-win for CISOs, CIOs and end users 6 hours ago | malware.news
article browser browsers cisos +11
One big problem SOC teams can actually solve with AI 6 hours ago | malware.news
article big can intezer +8
SailPoint's approach to unified identity security for the modern enterprise 7 hours ago | malware.news
article enterprise identity identity security +6
AI SOC Solutions, Revamp Your Cybersecurity, & Nightwing Introduction - Jon Check, Ricardo Villadiego, Jim … 8 hours ago | malware.news
amp article check cybersecurity +6
Post-RSAC, Our Heads Are Spinning, and Big News Keeps on Coming! - ESW #362 8 hours ago | malware.news
article big coming link +3
AI-generated code top cloud security concern amid 100% use rate in survey 8 hours ago | malware.news
api article cloud cloud security +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Information System Security Engineer 2

@ Wyetech | Annapolis Junction, Maryland
View on infosec-jobs.com

Staff Vulnerability/Configuration Management Security Engineer

@ ServiceNow | Hyderabad, India
View on infosec-jobs.com

Security Engineer

@ AXS | London, England, UK
View on infosec-jobs.com