WordPress plugin flaw puts ‘millions of websites’ at risk

WordPress users with the Advanced Custom Fields plugin on their website should upgrade after the discovery of a vulnerability in the code that could open up sites and their visitors to cross-site scripting (XSS) attacks. Essentially, the flaw allows someone to run JavaScript within another person's view of a page, letting the attacker do things like steal information from the page, perform actions as the user, and so on. That's a big problem if the visitor is a logged-in administrative user, as their account could be hijacked to take over the website.

https://www.theregister.com/2023/05/08/wordpress_plugin_vulnerability/?td=rt-3a