back to article Ew, that's unsanitary: SEO plugin for WordPress would run arbitrary JavaScript inputs instead of scrubbing them

A popular WordPress search engine optimisation plugin with around two million installs could have been abused to hijack a target website, according to a threat intel firm. "This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim …

  1. Claptrap314 Silver badge
    Pint

    I must admit

    To feeling rather conflicted this time... <sigh> It's Friday. I feel like crying --->

    1. ecofeco Silver badge

      Re: I must admit

      I can relate. I'm no fan of Wordpress. What a steaming pile.

      1. quxinot Silver badge

        Re: I must admit

        Wordpress isn't a winner at all.

        But people that try to game the system with SEO? Time to point and laugh!

  2. iron Silver badge

    Enable 2FA... blah... blah.

    Excpet that will not help at all with problems of this sort. It would help if companies provided relevant advice rather than trotting out the same tired old lines.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020