WP-Members Plugin Expose WordPress Sites To Injection Attacks

A security researcher reported a critical vulnerability in the WP-Members Membership Plugin that allows attackers to inject malicious scripts and potentially take over websites.  Administrators could take advantage of the unauthenticated stored XSS flaw that was present in the X-Forwarded header. To protect their users, researchers were rewarded for their responsible disclosure.  On March 7th, […]

The post WP-Members Plugin Expose WordPress Sites To Injection Attacks appeared first on Cyber Security News.

administrators attackers attacks critical critical vulnerability disclosure expose flaw header inject injection injection attacks malicious malicious scripts plugin protect researcher researchers responsible responsible disclosure scripts security security researcher stored xss unauthenticated vulnerability vulnerability patching websites wordpress wordpress security wordpress sites wp-members xss xss flaw