
Vulnerability in two popular WordPress extensions affects millions of sites



Elementor and WP Super Cache are two popular WordPress extensions that both carry serious vulnerabilities, according to security researchers from Wordfence. The vulnerability in the Elementor add-on allows a perpetrator to load JavaScript on pages, while the vulnerability in WP Super Cache makes it possible to run malicious code on pages. Elementor is used by more than seven million web pages and WP Super Cache is used by two million sites. Users are encouraged to update these two extensions as soon as possible or risk leaving their WordPress sites vulnerable to takeover.

Wordfence writes that "since posts created by contributors are typically reviewed by editors or administrators before publishing, any JavaScript added to one of these posts would be executed in the reviewer’s browser. If an administrator reviewed a post containing malicious JavaScript, their authenticated session with high-level privileges could be used to create a new malicious administrator, or to add a backdoor to the site. An attack on this vulnerability could lead to site takeover."

Are you using any of these extensions? 

"Even if everyone agrees, everyone can be wrong."


WordPress has a decent bit of vulnerability from default. It's just a software that tends to have loopholes in general. However, they usually patch them up quite fast, there's just so many being found on a regular basis. I've never heard of these plugins though.

On 7/12/2021 at 4:30 AM, TopSilver said:

WordPress has a decent bit of vulnerability from default. It's just a software that tends to have loopholes in general. However, they usually patch them up quite fast, there's just so many being found on a regular basis.

Yeah, this is true. I guess that's the reality for any popular software these days. I actually stopped using WordPress altogether after the second or third time one of my sites got attacked by malicious code. It's a great blogging and CMS software - but I will probably never use it again because of its vulnerabilities.

"Even if everyone agrees, everyone can be wrong."
