Sucuri Security researchers have discovered yet another malicious campaign redirecting users to sites hosting exploits.
A popular WordPress e-commerce plugin that is actively used on over 5,000 websites contains high-risk vulnerabilities that can be exploited to compromise customers' data, execute arbitrary PHP code, and perform Cross-Site Scripting attacks against users of WordPress installations, claim High-Tech Bridge researchers.
WordPress users should update as soon as possible, as the latest release (4.1.2) plugs a critical cross-site scripting vulnerability that could allow anonymous users to compromise their site.
At least 17 WordPress plugins - and likely even more of them - have been found vulnerable to cross-site scripting (XSS) flaws that could allow attackers to inject malicious code in the browsers of the sites' visitors.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.