A stored XSS vulnerability was discovered in the WordPress plugin WP-UserOnline by security researcher Steffin Stanly. The plugin has over 20,000 active installations, and site administrators are urged to update to the latest available version (2.88.0), which addresses this vulnerability.
Exploit Author: Steffin Stanly
Vendor Homepage: https://github.com/lesterchan/wp-useronline
Software Link: https://wordpress.org/plugins/wp-useronline/
Tested on Windows
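One way to check an installed copy against the fixed release, as an added example that is not from the original advisory or the plugin's code: it reads the `Version:` field of a standard WordPress plugin header and compares it numerically with 2.88.0. The sample headers are constructed, and treating every release below 2.88.0 as needing the update is an assumption based on the advice above.

```python
import re

FIXED_VERSION = "2.88.0"  # fixed release named in the advisory above

# Constructed sample plugin headers (not copied from the real plugin file).
SAMPLE_OLD = "<?php\n/*\nPlugin Name: WP-UserOnline\nVersion: 2.87.0\n*/\n"
SAMPLE_FIXED = "<?php\n/*\n * Plugin Name: WP-UserOnline\n * Version: 2.88.0\n */\n"


def parse_plugin_version(header_text):
    """Return the Version field of a WordPress plugin header, or None."""
    match = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", header_text,
                      re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None


def version_tuple(version):
    """Turn '2.87.0' into (2, 87, 0); non-numeric suffixes count as 0."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def needs_update(installed, fixed=FIXED_VERSION):
    """Compare component by component; a plain string compare would
    wrongly rank '2.9.0' above '2.88.0'."""
    a, b = version_tuple(installed), version_tuple(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(header_text):
    """Classify a plugin header as 'ok', 'update-required' or 'unknown'."""
    version = parse_plugin_version(header_text)
    if version is None:
        return "unknown"  # no Version field: inspect the install by hand
    return "update-required" if needs_update(version) else "ok"


if __name__ == "__main__":
    for name, text in (("old", SAMPLE_OLD), ("fixed", SAMPLE_FIXED)):
        print(name, parse_plugin_version(text), audit(text))
```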
How to reproduce vulnerability:
- Install WordPress 6.0.1.
- Install and activate WP-UserOnline plugin.
- Navigate to Settings >> WP-UserOnline and enter the data into the User(s) Browsing Site.
- Add the following payload, and save changes.