Popular WordPress Plugin Makes 2 Million Websites Vulnerable
A vulnerability in the Advanced Custom Fields plugin for WordPress makes it possible to inject malicious code into about two million websites, which can harm the site, its users, or both.
The affected plugins are Advanced Custom Fields and Advanced Custom Fields Pro from Delicious Brains. The plugin gives WordPress site administrators more control over their content and data.
On February 5, Patchstack discovered that an XSS attack was possible via the plugin. XSS stands for cross-site scripting and essentially involves an attacker entering code, usually into a text box on a site. The site then interprets that code. XSS attacks were widespread 10-15 years ago. Since then, most sites with fill-in options know how to close those boxes so that only text is possible or code is not e...