Saturday, August 15, 02:42

Zero-day vulnerabilities were revealed in Facebook's WordPress plugins


Two of Facebook's official WordPress plugins are affected by two zero-day vulnerabilities, revealed by an American cyber-security company.

The company also published proof-of-concept (PoC) code, which shows how hackers can exploit these vulnerabilities to attack sites.

The two affected plugins are "Messenger Customer Chat", which displays a custom Messenger chat window on WordPress sites, and "Facebook for WooCommerce", which allows WordPress site owners to upload WooCommerce-based stores to their Facebook Pages.

In mid-April, WordPress decided to release the Facebook for WooCommerce plugin as part of the official plugin for the WooCommerce online store. Since then, the plugin has garnered an overall 1.5-star rating, with the overwhelming majority of users complaining about errors and incomplete updates.

However, the security of all users who have installed these plugins is now at risk due to a dispute between a Denver-based company called White Fir Design LLC (which operates as Plugin Vulnerabilities) and WordPress.

The Plugin Vulnerabilities team decided that it would not follow a policy change in the WordPress forums, which forbids users from disclosing security bugs through the forums and asks security researchers to send them electronically to the WordPress team, so that the team can communicate with those who use the plugins.

The Plugin Vulnerabilities team, however, continued to disclose security flaws in the WordPress forums, and as a result its forum accounts were blocked.

The dispute escalated over time, and last spring the group began publishing blog posts on its website with details and PoC code for the vulnerabilities it discovered in WordPress plugins.

Hackers naturally did not miss the opportunity and, using the information posted by Plugin Vulnerabilities, started creating malicious campaigns, some of which were able to affect large sites.

The two flaws detected in the Facebook plugins allow authenticated users to modify WordPress site options. The vulnerabilities are not as dangerous as those revealed earlier this year, but they could allow an attacker to take control of a site.



Absent Mia