There's a WordPress GA plugin vulnerability you need to know

by Administrator
4 replies
SEJ reports that WordPress security Patchstack discovered an XSS vulnerability on a popular Google Analytics WP plugin, MonsterInsights. The vulnerability also affects more than 3 million websites.

Open Worldwide Application Security Project describes how XSS vulnerabilities work:

"An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script.

Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site."
To know more about the details of this vulnerability, head over here.
#plugin #vulnerability #wordpress
Avatar of Unregistered
  • Profile picture of the author AdvantagePerks
    This is really bad news for everybody. I read the report from WordFence a day ago. Probably it is the best not to use plugin at all and put the code directly in the theme
    {{ DiscussionBoard.errors[11756627].message }}
  • Profile picture of the author Debhie
    Sad to hear this, this is really a bad news for everybody, Just be careful on clicking links specially when it seems to be suspicious.
    {{ DiscussionBoard.errors[11757590].message }}
  • Profile picture of the author Jeff Polaski
    Thank you for this one. Just be careful everyone.
    {{ DiscussionBoard.errors[11757835].message }}
Avatar of Unregistered

Trending Topics