A popular WordPress e-commerce plugin that is actively used on over 5,000 websites contains high-risk vulnerabilities that can be exploited to compromise customers' data, execute arbitrary PHP code, and perform Cross-Site Scripting attacks against users of WordPress installations, claim High-Tech Bridge researchers.
WordPress users should update as soon as possible, as the latest release (4.1.2) plugs a critical cross-site scripting vulnerability that could allow anonymous users to compromise their site.
At least 17 WordPress plugins - and likely even more of them - have been found vulnerable to cross-site scripting (XSS) flaws that could allow attackers to inject malicious code in the browsers of the sites' visitors.
Malwarebytes researchers have spotted another malware delivery campaign that uses compromised WordPress sites to redirect users to a page hosting an exploit kit.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.