Active XSS injection campaigns attack WP WordPress Plug-in
WordPress (WP) is by far the most popular open source Content management system (CMS) used by approximately 75 million websites . The ease to deploy and upgrade this free tool makes it popular among web- savvy users and web- novices alike. Whether it’ a commercial site or a personal blog, the fact that WordPress doesn’t charge a penny makes it a preferable tool among people. The compatibility and flexibility of Word Press to host thousands of plugins and templates gives it an edge over its contemporaries. However, the popularity of this tool among users has made this popular tool a lucrative target among threat actors. Recent research reveals that vulnerability in a high profile WordPress plugin that is installed on more than 100,000 sites has come under active exploitation. The vulnerability discovered in the popular AMP (Accelerated Mobile Pages) for WP plugin allows any registered user to perform administrative actions on a WordPress site. What is A...