WordPress plugin vulnerabilities
In a large number of cases, a vulnerability in a plugin has enabled hackers to abuse the website and even the entire IT infrastructure.
In April 2020, a vulnerability was found in the ‘Real-Time Find and Replace’ plugin (having over 100,000 installations), which could have allowed an attacker to inject malicious JavaScript anywhere on a site by tricking the administrator.
In March 2020, a critical privilege escalation vulnerability was found in the WordPress SEO plugin Rank Math, which has more than 200,000 active installations. This vulnerability could allow hackers to grant admin privileges to any registered user.
Real-world attack incidents
On several occasions, a vulnerability in a WordPress plugin has allowed hackers to do severe damage to the business operations of targeted organizations.
In April 2020, WordPress e-commerce sites powered by the WooCommerce plugin were targeted by JavaScript-based card-skimmer malware, which could allow hackers to steal the credit card numbers of all visitors to the websites.
In February 2020, thousands of cyberattacks were identified targeting the WordPress plugin Duplicator. These attackers were targeting an unauthenticated arbitrary file download vulnerability found in Dupl ..