XSS vulnerability in popular WordPress plugin SEOPress could enable complete site takeover.
Security issue in CMS add-on has been patched.
A cross-site scripting (XSS) vulnerability in a popular WordPress plugin could allow an attacker to completely take over a website, researchers have warned.
The flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site, which would execute anytime a user accessed the ‘All Posts’ page.
The vulnerable plugin, SEOPress, is installed on more than 100,000 websites.
Researcher Chloe Chamberland, threat analyst at Wordfence, explained the security issue in a blog post.
One of the features available in SEOPress is the ability to add an SEO title and description to posts, which can be done while saving edits to a post or via a newly introduced REST API endpoint, Chamberland explains.