in , ,

WordPress Plugin Confusion: How an update can get you pwned

tl;dr: Like the novel “Dependency Confusion” supply chain attack, it is possible to take over internally developed WordPress plugins unclaimed on the registry. Updating the plugin might result in the RCE or installing a PHP backdoor. You can use to scan for potential targets. To protect your website, please read this announcement.

This post was created with our nice and easy submission form. Create your post!

What do you think?

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Best of Common Ports Cheatsheet

Amazon Cognito (Mis)Configurations