Reflected XSS in WordPress Plugin Admin Pages

The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has the required permissions to do all of the actions a vulnerability could cause.

While this is usually true, there are a number of techniques bad actors are using to trick an administrator into performing actions they would not expect, such as Cross Site Request Forgery (CSRF) or Clickjacking attacks.

Continue reading Reflected XSS in WordPress Plugin Admin Pages at Sucuri Blog.

Read more: Reflected XSS in WordPress Plugin Admin Pages

Story added 8. September 2020, content source with full text you can find at link above.

Comments are closed.

More antivirus and malware news?

2017 Antivirus News | Powered by WordPress | Fluxipress Theme | Show My IP Address, check blacklists | Free Favicon, Android and Apple Icon Generator | Bitcoin and Crypto Currency News