On January 10th, 2024 we received an interesting malware submission demonstrating how a Cross-Site Scripting (XSS) vulnerability in single plugin can allow an unauthenticated attacker to inject an arbitrary administrative account that can be used to take over a website. On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder …
Read More
The post Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence