Wednesday, January 20, 04:10

Zero-day vulnerabilities were revealed in Facebook's WordPress plugins


Two of Facebook's official WordPress plugins are affected by two zero-day vulnerabilities, revealed by an American cyber-security company.

The company also presented proof-of-concept (PoC) code, which shows how hackers can exploit these vulnerabilities to attack sites.

The two affected plugins are "Messenger Customer Chat", which displays a custom Messenger chat window on WordPress sites, and "Facebook for WooCommerce", which allows WordPress site owners to upload WooCommerce-based stores to their Facebook Pages.

In mid-April, WordPress decided to release the Facebook for WooCommerce plugin as part of the official plugin for the WooCommerce online store. Since then, the plugin has garnered an overall rating of 1.5 stars, with the overwhelming majority of users complaining about errors and incomplete updates.

However, the security of all users who have installed these plugins is now at risk due to a dispute between a Denver-based company called White Fir Design LLC (which operates as Plugin Vulnerabilities) and WordPress.

The Plugin Vulnerabilities team decided that it would not follow a policy change on the WordPress.org forums, which forbids users from disclosing security bugs through the forums and asks security researchers to send them electronically to the WordPress team, which then communicates with those who used the plugins.

The Plugin Vulnerabilities team, however, continued to disclose security flaws on the WordPress forums, and as a result its forum accounts were blocked.

The dispute escalated over time, and last spring the group began publishing blog posts on its website with details and PoC code for the vulnerabilities it discovered in WordPress plugins.

Hackers, of course, did not miss the opportunity: using the information posted by Plugin Vulnerabilities, they started creating malicious campaigns, some of which managed to affect large sites.

The two flaws detected in the Facebook plugins allow authenticated users to modify WordPress site options. The vulnerabilities are not as dangerous as those revealed earlier this year, but they could allow an attacker to take control of a site.

Absent Mia