Disgruntled security firm discloses zero-days in Facebook's WordPress plugins

-
Zero-days disclosed in "Facebook for WooCommerce" and "Messenger Customer Chat."
A US-based cyber-security firm has published details about two zero-days that impact two of Facebook's official WordPress plugins.
The details also include proof-of-concept (PoC) code that allows hackers to craft exploits and launch attacks against sites using the two plugins.

Impacted plugins

The two zero-days impact "massengercuttomer chat," a WordPress plugin that shows a custom Messenger chat window on WordPress sites, and "facebook for WooCommerce," a WordPress plugin that allows WordPress site owners to upload their WooCommerce-based stores on their Facebook pages.
The first plugin is installed by over 20,000 sites, while the second has a userbase of 200,000 -- with its statistics exploding since mid-April when the WordPress team decided to start shipping the Facebook for WooCommerce plugin as part of the official WooCommerce online store plugin itself.
Since then, the plugin has garnered a collective rating of 1.5 stars, with the vast majority of reviewers complaining about errors and a lack of updates.

The grudge

Nevertheless, despite the bad reputation, today, the security of all users who installed these extensions was put at risk because of a stupid grudge between a Denver-based company called White Fir Design LLC (dba Plugin Vulnerabilities), and the WordPress forum moderation team.
In a dispute that's been raging for years, the Plugin Vulnerabilities team decided they wouldn't follow a policy change on the WordPress.org forums that banned users from disclosing security flaws through the forums, and instead required security researchers email the WordPress team, which would then contact plugin owners.
For the past years, the Plugin Vulnerabilities team has been disclosing security flaws on the WordPress forums in spite of this rule -- and having its forum accounts banned as a result of their rule-breaking behavior.
Things escalated this past spring when the Plugin Vulnerabilities team decided to take their protest a step further.
Instead of creating topics on the WordPress.org forums to warn users about security flaws, they also started publishing blog posts on their site with in-depth details and PoC code about the vulnerabilities they were finding.

Comments

Post a Comment

Popular posts from this blog

Seo tools /SEO experts actually/backlink.

-
Image
            SEO tools   Everyone knows how powerful social media can be for branding. It is not as simple as it seems to turn your social media users into leads and customers. But using the right tools, you’ll be able to optimize your social media conversions. According to research from  Shareaholic , social media drove almost 31.24 % of overall traffic to websites. Social media is a great place to reach target customers, increase follower counts and build a positive online reputation for online business. There is another side of social media that helps converting social media followers into potential customers and qualified leads. The research from  Monetate  that analyzed more than 500 million shopping experiences revealed that social media is still standing behind when it comes to conversions. It means that social media traffic with an average conversion rate of 0.71% is generally poor in comparison with email’s 3.19 % and searcher’s 1.95%. But it can be better, if you s
Read more

West indies vs Bangladesh live stream scores and runs latest Updates.

-
Image
ICC World Cup 2019, West Indies vs Bangladesh: Key battles to   (ONELINE EARN MONEY WATCHING ADS NEOBUX WEBSITE INTEREST PEAPUL CLICK)  https://www.neobux.com/?r=alexJHON786k   Both Bangladesh (BAN) and West Indies (WI) will look to get their ICC Cricket World Cup campaign back on track when they face off at The County Ground, Taunton today. Bangladesh have shown flashes of their potential, beginning with victory over South Africa before losing to New Zealand and hosts England. Their match against Sri Lanka was washed out. West Indies, on the other hand, also started strongly by rolling over Pakistan at Trent Bridge, Nottingham. They fell short against Australia at the same venue and lost to Eoin Morgan’s side by eight wickets at Southampton. Get live cricket updates and live score of Bangladesh vs West Indies here ( LIVE SCORECARD   |   POINTS TABLE   |   SCHEDULE & RESULTS ) Related Articles:- IND Vs PAK, Cricket World Cup: Don't Mistake Tears For
Read more
-
Image
Nipah virus: 4 more Keralites suspected to have deadly virus Thiruvananthapuram : After Pune’s National Institute of Virology has confirmed that the Kerala 23-year-old youth, who was admitted to a private hospital in Ernakulam is affected by the Nipah virus, Kerala health minister KK Shailaja said four more people are found to have the symptoms of Nipah virus. According to reports, two nurses who treated the youth are found to have the symptoms of Nipah virus and they have been shifted to observation rooms. Apart from them, two classmates of the Nipah virus-affected patient are also suffering from high fever and one among them has been moved to an isolation ward in Government Medical College, Kalammassery. Fever samples from this person will be sent to the National Institute of Virology in Pune, and NIV Alleppey today. During the press meet, Shailaja requested the public not to spread any wrong information, primarily through social media about Nipah.  A year ago, Nip
Read more