
Another major WordPress plugin vulnerability puts thousands of sites at risk


Cybersecurity researchers have helped patch a security flaw in a popular WordPress plugin, which could be exploited by attackers to take over a website.

Discovered by WordPress security experts Wordfence, the vulnerability exists in the “Preview E-mails for WooCommerce” plugin. As its name suggests, it is an extension for WooCommerce, a plugin widely used to quickly and easily roll out an online store within an existing WordPress website.

The “Preview E-mails for WooCommerce” plugin gives site owners the ability to preview emails before they are sent to customers via WooCommerce, and has an installation base of over 20,000 websites.

Unchecked input

According to Wordfence’s threat analyst Chloe Chamberland, attackers could exploit the flaw to inject malicious JavaScript into a page that would execute if the attacker successfully tricked a site’s administrator into performing an action like clicking on a link.

Explaining how the vulnerability, tracked as CVE-2021-42363, works, she says that it existed because a key component of the affected plugin didn’t sanitize its input, giving attackers the opportunity to inject malicious code.

“This meant that if an attacker could successfully convince a site administrator to click on a link, they could get malicious JavaScript to execute in that administrator’s browser. This script could be crafted to inject a new administrative user or even modify a plugin or theme file to include a backdoor which in turn would grant the attacker the ability to completely take over the site,” explains Chamberland.

Wordfence brought the flaw, technically known as a reflected cross-site scripting (XSS) vulnerability, to the attention of the plugin’s developer, who released a patch to address it in just over a week.
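The general pattern behind a reflected XSS flaw of this kind, shown beside its fix, as an added illustration in plain PHP. It is not the plugin's code: the "search" parameter name and both function names are hypothetical, and the sample input is constructed.

```php
<?php
// Added illustration, not the plugin's code. The "search" parameter and
// both render functions are hypothetical names chosen for this example.

/** Vulnerable pattern: request input is echoed back into HTML unchanged. */
function render_search_box_unsafe(array $query): string
{
    $term = $query['search'] ?? '';
    return '<input type="text" name="search" value="' . $term . '">';
}

/** Hardened pattern: validate the input, then encode it for the output context. */
function render_search_box_safe(array $query): string
{
    $term = $query['search'] ?? '';

    // A request such as ?search[]=x arrives as an array, not a string.
    if (!is_string($term)) {
        $term = '';
    }

    // Encode for an HTML attribute: quotes, angle brackets and ampersands
    // become entities, so the value cannot close the attribute or the tag.
    // Inside WordPress the equivalent helpers are sanitize_text_field()
    // on input and esc_attr() on output.
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<input type="text" name="search" value="' . $encoded . '">';
}

// Constructed sample input: a value that tries to close the attribute
// and start a script element.
$crafted = ['search' => '"><script>alert(1)</script>'];

$unsafe = render_search_box_unsafe($crafted);
$safe   = render_search_box_safe($crafted);

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;

// Check whether a live <script> element survived in each rendering.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') === false);
```

The encoding has to match where the value lands: a value written into a URL, a JavaScript string or an HTML body each needs its own escaping function.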


Date

18 Nov 2021
