Researchers have uncovered active exploitation of vulnerabilities in popular WordPress plugins that allows attackers to create rogue admin accounts and backdoors. The flaws are high-severity, can be exploited through unauthenticated cross-site scripting (XSS), and pose a critical security threat to thousands of WordPress sites. Vulnerabilities named in the posts below include CVE-2024-30043 in SharePoint and CVE-2024-5522 in WordPress. The exploits enable injection of malicious scripts and backdoors.
CVE-2024-3820 (CVSS 10) in wpDataTables Puts 70,000 WordPress Sites at Risk https://t.co/utYbBlVWcc
Three high-severity vulnerabilities that are prone to unauthenticated cross-site scripting (XSS) attacks that let attackers inject malicious scripts via leading WordPress plug-ins were observed by researchers at @fastly. #cybersecurity #infosec https://t.co/PfNCeywgk6
Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors #cybersecurity https://t.co/JEgjjB3TKk
CVE-2024-5522 (CVSS 10): Critical Security Flaw Threatens Thousands of WordPress Sites https://t.co/dcpXaHgz0P
CVE-2024-30043: @chudyPB details this #SharePoint XXE he discovered. He calls it one of the craziest XXEs he has ever seen, both in terms of vuln discovery and the method of triggering. He shows how it can be used for info disclosure & NTLM relaying. https://t.co/BzUDEE5Cy8
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities https://t.co/zHUGdWj0M0
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities: https://t.co/3mRd5PXkb4 by The Hacker News #infosec #cybersecurity #technology #news
Attention WordPress users! Researchers have discovered several vulnerabilities in popular #WordPress plugins that allow attackers to create rogue admin accounts and backdoors. Learn more: https://t.co/98t9DrzpKw #cybersecurity #infosec