Security Alert: Plugin Flaw Puts Over 200K WordPress Sites At Risk

Thursday, February 20, 2020

Security Alert: Plugin Flaw Puts Over 200K WordPress Sites At Risk

If you run a WordPress-powered site, then you must get to know it!

A high-severity cross-site request forgery (CSRF) to Remote Code Execution (RCE) vulnerability, tracked as CVE-2020-8417, has been discovered in a popular WordPress plugin, potentially opening up over 200K websites to complete takeover, information disclosure, and more.

The plugin in question is Code Snippets, which offers users an intuitive graphical user interface (similar to the Plugins menu) to add, run and manage PHP code snippets to their WordPress sites in order to customize or extend the functionality of the website, all without diving into the theme’s underlying code.

Click here to read the full article on WordpressIntegration official blog.

No comments:

Post a Comment

About Us

WordpressIntegration is a USA-based WordPress development company acclaimed worldwide for developing top-notch quality responsive WordPress themes and plugins. Backed by an ambitious team of 48+ genius WordPress professionals who hold extreme specialization in custom WordPress development, we're located in Oak Park, California, and have delivered over 7200+ WordPress projects to more than 4900+ clients from different industries. Our clientele includes reputable brands, such as Disney, Upwork, National Car Rental, BCIT, Internet Brands, and more. With over 15+ years of experience and expertise in custom WordPress development, we’re committed to delivering the best-in-class custom WordPress development services to clients all over the globe.

View my complete profile