A high-severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin, because the plugin's import menu is missing referer checks. According to the active installations count on its WordPress library entry, the open-source Code Snippets plugin is currently used by more than 200,000 websites. …
The ISBuzz Post: This post, "Comment: WordPress Plugin Bug Exposes 200K+ Sites", appeared first on Information Security Buzz.