Critical vulnerability in WooCommerce Payments Plugin allows full-site takeover by unauthenticated attackers. Affects +500,000 WordPress installs

#webworxwebdesign # #fortmyersseo #webworx #webdesignnaples #swflwebdesign #webdesignswfl #webdesignfortmyers

https://www.searchenginejournal.com/woocommerce-payments-plugin-vulnerability/483125/

#shorts

On July 10, 2020, our Threat Intelligence team discovered a vulnerability in All In One SEO Pack, a WordPress plugin installed on over 2 million sites. This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page.

We reached out to the plugin’s team the same day of discovery on July 10, 2020 and a patch was released just a few days later on July 15, 2020.

This is considered a medium severity security issue that, as with all XSS vulnerabilities, can result in complete site takeover and other severe consequences. We strongly recommend immediately updating to the latest version of this plugin. At the time of writing, that is version 3.6.2 of All in One SEO Pack.

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: https://wplearninglab.com/17-point-wp-pre-launch-checklist-optin-yt/?utm_source=YouTube_Video &utm_medium=Description_Link &utm_term=Description_Link &utm_campaign=YouTube

Check out the free WP & Online Marketing Summit For Beginners. The online event is June 18, 2019: https://events.wplearninglab.com/

WordPress XSS Vulnerability In WooCommerce Add-on Plugin https://youtu.be/ijsdM7aZA4c

//*
Join our private Facebook group today! https://www.facebook.com/groups/wplearninglab

Wordfence tutorial: https://www.youtube.com/watch?v=2F460uMt2JE &list=PLlgSvQqMfii7Z3nd1-Xq3dYve0jqZ0IEc

Top 10 WordPress Security Mistakes video: https://www.youtube.com/watch?v=bt3ezVsufPE &list=PLlgSvQqMfii7YSIzIPnLng0zDkGbvQTwG
//*
Sometimes staying up-to-date with website site security is a full-time job.

Recently, a WordPress XSS exploit was discovered in a semi-popular WooCommerce add-on.

The vulnerability was made public once a patch had been released, but the plugin needs to be updated for the patch to be applied.

Watch today’s video for more details. XSS is short for Cross-Site Scripting which is a fairly common way for sites to be hacked.
//*
Here are 20+ reasons why I host all my sites with SiteGround: https://wplearninglab.com/siteground-wordpress-hosting-review/
//*

Post videos of your WordPress success using the hashtag #WPLLCommunity!

I hope this information helps you! If you have any questions leave a comment below or ping me @WPLearningLab on Twitter.

WP Learning Lab Channel: http://www.youtube.com/subscription_center?add_user=wplearninglab

A recently discovered vulnerability affecting WordPress users with Elementor plugin are at risk of a complete site takeover. Update your plugins soonest possible.

#youtubeshorts #shorts #wordpress #wordpress #websites #vulnerability #security