Serious WordPress plugin vulnerability puts thousands of sites at risk

Cybersecurity researchers have helped patch a security flaw in a popular WordPress plugin, which made it possible for an attacker to inject rogue JavaScript scripts into the plugin’s settings.

Discovered by WordPress security experts at Wordfence, the vulnerability exists in the Variation Swatches for WooCommerce plugin, an extension for the popular WooCommerce plugin that enables ecommerce sites to display and sell multiple variations of a single product.

Source link