WordPress plugin used by millions sports critical site-hijacking flaw

Another popular Yoast WordPress plugin has been found sporting a critical vulnerability that attackers can exploit to take control of the site.

A week ago it was the WordPress SEO plugin, which is actively used on more than a million WP sites. This time it's the company's Google Analytics plugin, which has apparently been downloaded around 7 million times.

According to the researcher who discovered the issue, Jouko Pynnönen of Finland-based Klikki Oy, the vulnerability "allows an unauthenticated attacker to store arbitrary HTML, including JavaScript, in the WordPress administrator’s Dashboard on the target system. The JavaScript will be triggered when an administrator views the plug-in’s settings panel. No further user interaction is required."

