There's a WordPress GA plugin vulnerability you need to know

by Administrator
5 replies
SEJ reports that WordPress security Patchstack discovered an XSS vulnerability on a popular Google Analytics WP plugin, MonsterInsights. The vulnerability also affects more than 3 million websites.

Open Worldwide Application Security Project describes how XSS vulnerabilities work:

"An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script.

Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site."
To know more about the details of this vulnerability, head over here.
#plugin #vulnerability #wordpress
Avatar of Unregistered
  • Profile picture of the author AdvantagePerks
    This is really bad news for everybody. I read the report from WordFence a day ago. Probably it is the best not to use plugin at all and put the code directly in the theme
    {{ DiscussionBoard.errors[11756627].message }}
  • Profile picture of the author Debhie
    Sad to hear this, this is really a bad news for everybody, Just be careful on clicking links specially when it seems to be suspicious.
    {{ DiscussionBoard.errors[11757590].message }}
  • Profile picture of the author RMRC
    This sucks to hear, but I'm glad to know this information so I can avoid this plugin.
    {{ DiscussionBoard.errors[11757667].message }}
  • Profile picture of the author Jeff Polaski
    Thank you for this one. Just be careful everyone.
    {{ DiscussionBoard.errors[11757835].message }}
    • Profile picture of the author CyberSEO
      Excuse me... Reported on May 23, 2023 (I think even earlier) and still not fixed? Have you contacted the developers?
      CyberSEO Pro - the almighty content syndicator for WordPress with a wide range of cutting edge AI technologies for SEO, such as OpenAI ChatGPT-4, DeepL, WordAI, Article Forge, DALL-E 2, Stable Diffusion 2.1 and others. Promote CyberSEO Pro and earn 20% on every sale! [ VIDEO ]
      {{ DiscussionBoard.errors[11759715].message }}
Avatar of Unregistered

Trending Topics