Our Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Rich Reviews plugin for WordPress. The estimated 16,000 sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads. Attackers are abusing this exploit chain to inject malvertising code that creates redirects and popup ads associated with a known campaign.
In today’s post, we’ll share brief details of the zero-day flaw, some notes on the attacks against it, and our recommendations for moving forward.
Check it out on the Wordfence blog…
Last updated 9-24-19