CISObyte 04-28-2020
A cross-site request forgery (CSRF) attack causes a valid user to send malicious requests to an application without intending to.
Vulnerability in Real-Time Find and Replace WordPress plugin.
“Real-Time Find and Replace provides functionality to dynamically replace any HTML content on WordPress sites with new content without permanently changing the source content.” “This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email.” It has been patched in version 4.0.2. While CISObyte does not use this particular plugin, we’re keenly aware, and keeping the ones we do use updated daily.
- Vulnerability Management
- WordPress
- Plugin
- Patch Management

Wordfence - High Severity Vulnerability Patched in Real-Time Find and Replace Plugin
On April 22, 2020, our Threat Intelligence team discovered a vulnerability in Real-Time Find and Replace, a WordPress plugin installed on over 100,000 sites. This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an…