On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using plugin shortcodes, which will execute whenever a victim accesses the injected page. We found over 100 vulnerabilities across 100 plugins which affect over 6 million sites. You can find the complete chart of affected plugins below.
You may also like
Introducing … WPMU DEV Expert Services for Enhanced WordPress Site Management
Say goodbye to time-consuming tasks and hello to...
How Do Beginners Write and Learn the Sarkari Exam?
Sarkari exams, also known as government exams...
14 Best WordPress Membership Plugins (Compared) – 2024
Are you looking for the best WordPress membership...