virusword.com-Wordpress


Facebook For WordPress Plugin Vulnerabilities Lead to Site Takeover, Patch Available

The Wordfence team has discovered two critical vulnerabilities in the Facebook for WordPress plugin which, if exploited, can let an attacker inject malicious code into the site. Exploiting these vulnerabilities requires a fair level of access and can eventually lead to site takeover. The authors of the plug-in have released an updated version to patch them.

Facebook For WordPress Plugin Vulnerabilities

The Threat Intelligence Team at Wordfence has discovered two vulnerabilities in a WordPress plug-in that could affect over half a million sites. The plugin concerned is Facebook for WordPress, made by Facebook.

This plug-in is a conversion measurement tool. Once installed, it connects the Facebook Pixel to the WordPress site and records visitor engagement metrics. This helps marketers see how successful a campaign is and act accordingly later on.

As the Wordfence team reported, the first issue, a PHP Object Injection vulnerability, was found and reported to Facebook in December last year. It could have allowed unauthenticated users with access to a site’s secret salts and keys to achieve remote code execution (RCE). It is rated 9.0 on the vulnerability severity scale and now has a patch.

The Wordfence team also found a second vulnerability in the same plug-in, which was reported in January this year. This Cross-Site Request Forgery vulnerability allows an attacker to inject JavaScript code into the site’s settings by tricking the admin into clicking on a link or performing a similar action.

Exploiting these in combination can also let the attacker take advantage of other vulnerabilities in plug-ins installed on the same site. The second vulnerability is rated 8.8 on the severity scale and has also received a patch.

Facebook has released version 3.0.5 of the Facebook for WordPress plugin, which now contains patches for both the vulnerabilities mentioned above. Thus, users are advised to update their plugins immediately.

Written by: Abdul Wahid
Published on: March 29, 2021

Categories: Plugins
