WordPress “Code Snippets” Plugin Vulnerability Risked More Than 200K Websites
Researchers have found another WordPress threat to thousands of websites. In fact, they are a powerful vulnerability in the Code Snippets plugin. The Vulnerability Code Wordpress was recently discovered when a major vulnerability was found in WordPress. As they reveal their identities, CSRF is vulnerable to code concealment. By using a bug a hacker can gain control of the target websites.
This is a very serious problem that leads to site capture, display, and more. In short, CSRF does not protect the Code Import feature. This allowed the attacker to attack malicious applications and code on the landing page. Even code imported via the plugin is "disabled" by default. Ideally, this would prevent any code from being deployed when offering a CSRF.
However, the researchers found that the enemy could avoid this situation. The attacker can simply insert a "strong" flag with a value of "1" into the body of the JSON containing the code import information, and the code will be included in the import.
إرسال تعليق
We’re eager to see your comment. However, Please Keep in mind that all comments are moderated manually by our human reviewers according to our comment policy, and all the links are nofollow. Using Keywords in the name field area is forbidden. Let’s enjoy a personal and evocative conversation.