all InfoSec news
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
Wordfence www.wordfence.com
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using plugin shortcodes, which will execute whenever a victim accesses ...
Read More
The post Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting appeared first on Wordfence.
august cross-site find higher inject intelligence malicious permissions plugin plugins project repository research research project scripting scripts team threat threat actors threat intelligence vulnerabilities vulnerability web wordfence wordpress wordpress security xss