• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

virusword.com-Wordpress

Learn Wordpress

  • Home
  • WordPress Shop
    • Fotopress
    • SEO Tool Kit
    • Social Contact
    • Tag Machine 2
    • Video Profits
  • Latest News
  • WordPress
    • Plugins
    • Themes
    • Tutorials
    • Videos
    • Woocommerce
  • About Us
  • Contact Us
    • Terms of Service
    • Privacy Policy
  • Show Search
Hide Search
Home/Plugins/Social media plugin puts 100,000 WordPress sites at risk

Social media plugin puts 100,000 WordPress sites at risk

In yet another vulnerability that could have serious repercussions, cybersecurity researchers have discovered a cross-site scripting(XSS) bug in the NextScripts: Social Networks Auto-Poster plugin for WordPress.

The plugin is used to automatically publish posts from websites to any of the configured social media accounts in a fully automated manner.

Discovered by Wordfence’s Ramuel Gall, the vulnerability in the popular WordPress plugin with over 100,000 installations, made it possible to perform a reflected cross-site scripting attack.

“As with all XSS attacks, malicious JavaScript running in an administrator’s session could be used to add malicious administrative users or insert backdoors into a site, and thus be used for site takeover,” observes Gall.

Superglobal quirk

While explaining the bug, Gall notes that the XSS vulnerability reared its head because of a relatively obscure peculiarity of how PHP handles superglobal variables.

“This meant that it was possible to execute JavaScript in the browser of a logged-in administrator by tricking them into visiting a self-submitting form that sent a POST request to their site,” says Gall. 

The vulnerability was disclosed to the plugin’s developer in August, and a patched update of the plugin was released in early October.

Wordfence suggests all users of the plugin update to its latest version to prevent abuse of their WordPress websites.

You can use these WordPress website builders to build your website in no time, but remember to secure them using these WordPress security plugins.

Source link

Written by:
Abdul Wahid
Published on:
October 30, 2021

Categories: Plugins

Primary Sidebar

Wordpress

  • Latest News (270)
  • Plugins (308)
  • Themes (312)
  • Tutorials (393)
  • Videos (801)
  • Woocommerce (400)

Recent Articles

Best WordPress Themes for Affiliate Marketing | User-friendly, Fast, SEO & CTR Optimized

In this video from the full playlist on affiliate …

Continue Reading about Best WordPress Themes for Affiliate Marketing | User-friendly, Fast, SEO & CTR Optimized

How to Enable Automatic Updates in WordPress for Major Versions

Do you want to enable automatic updates for major …

Continue Reading about How to Enable Automatic Updates in WordPress for Major Versions

Search our site

Explore more

Get our Wordpress Guide Get Plugins Get Connected

Footer

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2023 · Promaps, Inc.

Keep In Touch

  • Email
  • Facebook
  • Instagram
  • Pinterest
  • Twitter