Owners of WordPress sites who use the Contact Form 7 Datepicker plugin are urged to remove or deactivate it to prevent attackers from creating rogue admins or taking over admin sessions after exploiting an authenticated stored cross-site scripting (XSS) vulnerability. […]
Advertise on IT Security News.
Read the complete article: WordPress Plugin Bug Can Be Exploited to Create Rogue Admins