Arbitrary script injections possible with WP-Members plugin flaw

3 April 2024

More than 60,000 WordPress sites with the WP-Members Membership Plugin could be compromised with arbitrary script injections due to a high-severity cross-site scripting vulnerability, tracked as CVE-2024-1852, reports SecurityWeek. Threat actors could exploit the WordPress plugin’s user registration feature to facilitate the creation and interception of a registration form, which would be later modified to include an X-Forwarded-For header containing a malicious payload, according to a Wordfence alert.

Source: SC Magazine

Date:

3 April 2024

Categorie(s):

NEWS

Tag(s):

IT, News, Plugins

With its new iPad, Apple’s Empire strikes back6 May 2024
Malware campaign attempts abuse of defender binaries6 May 2024
Microsoft unveils new security features for SOC teams to combat insider threats6 May 2024
BigID launches new hybrid scanning technology for enhance cloud data management6 May 2024
At RSA, Cisco launches bolsters in Security Cloud, built on Hypershield and Splunk6 May 2024