
Facebook For WordPress Plugin Vulnerabilities Lead to Site Takeover, Patch Available

The Wordfence team has discovered two critical vulnerabilities in the Facebook for WordPress plugin which, if exploited, could let an attacker inject malicious code into the site. Exploiting these vulnerabilities requires a fair amount of access, and can eventually lead to site takeover. The authors of the plugin have released an updated version that patches them.


Facebook For WordPress Plugin Vulnerabilities

The Threat Intelligence Team at Wordfence has discovered two vulnerabilities in a WordPress plugin that could currently affect over half a million sites. The plugin concerned is Facebook for WordPress, made by Facebook.

This plugin is a conversion measurement tool: once installed, it connects the Facebook Pixel to the WordPress site and records visitor engagement metrics. This helps marketers see how successful their campaigns are and act accordingly.

As the Wordfence team reported, the first issue, a PHP Object Injection vulnerability, was found and reported to Facebook in December last year. It could have allowed unauthenticated users with access to a site’s secret salts and keys to perform an RCE (remote code execution) attack. It is rated 9.0 on the vulnerability severity scale and now has a patch.

The Wordfence team also found a second vulnerability in the same plugin, which was reported in January this year. This Cross-Site Request Forgery vulnerability allows an attacker to inject JavaScript code into the site’s settings by tricking the admin into clicking a link or performing a similar action.

Combined exploitation of these can also let the attacker take advantage of other vulnerabilities in co-existing plugins on the same site. The second vulnerability is rated 8.8 on the severity scale and has also received a patch.

Facebook has released version 3.0.5 of the Facebook for WordPress plugin, which contains patches for both of the vulnerabilities mentioned above. Users are therefore advised to update the plugin immediately.
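To check whether a site still runs a release older than the patched 3.0.5, the plugin's header comment can be read directly from disk. The script below is an added example, not code from Wordfence or Facebook; it assumes the plugin's header carries the name "Facebook for WordPress", and the sample headers are constructed.

```python
import re
from pathlib import Path

PATCHED = (3, 0, 5)                     # fixed release named in the article
PLUGIN_NAME = "Facebook for WordPress"  # assumed value of the "Plugin Name" header

# Header fields sit in a comment block, optionally prefixed by " * ", "#", etc.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.M | re.I)

def parse_header(php_source: str) -> dict:
    """Return the Plugin Name / Version fields from a plugin file header."""
    fields = {}
    # WordPress only reads the first 8 KiB of a file when looking for headers.
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version: str) -> tuple:
    """'3.0.4' -> (3, 0, 4); a suffix such as '-beta' is ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])

def is_vulnerable(php_source: str) -> bool:
    """True if this is the named plugin at a version below 3.0.5."""
    header = parse_header(php_source)
    if header.get("plugin name", "").lower() != PLUGIN_NAME.lower():
        return False
    # A missing Version field is treated as 0.0.0, i.e. flagged for review.
    return version_tuple(header.get("version", "0")) < PATCHED

def scan(plugins_dir: str) -> list:
    """Check the top-level PHP files of every folder under plugins_dir."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        text = php.read_text(encoding="utf-8", errors="replace")
        if is_vulnerable(text):
            hits.append((str(php), parse_header(text).get("version", "unknown")))
    return hits

# Constructed sample headers (not copied from the real plugin).
OLD = "<?php\n/**\n * Plugin Name: Facebook for WordPress\n * Version: 3.0.4\n */\n"
NEW = OLD.replace("3.0.4", "3.0.5")
OTHER = "<?php\n/*\nPlugin Name: Some Gallery\nVersion: 1.2\n*/\n"

if __name__ == "__main__":
    for label, src in (("old", OLD), ("new", NEW), ("other", OTHER)):
        print(label, "needs update" if is_vulnerable(src) else "ok")
```

Versions are compared numerically, so a later release such as 3.0.10 is not mistaken for one older than 3.0.5. Point `scan()` at the site's plugins directory to list any copies that still need the update.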


Written by:
Abdul Wahid
Published on:
March 29, 2021
