Podcast Episode 46: Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild
We chat with Mikey Veenstra to talk about the Wordfence Threat Intelligence team’s work tracking a series of active attacks on an unpatched vulnerability in the Rich Reviews plugin for WordPress. With an estimated 16,000 installations, attackers are targeting unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads. Mikey explains how this works and what users of Rich Reviews can do to protect themselves. Podcast recorded September 24, 2019.
Update as of September 26, 2019: Nuanced Media announced that they have discontinued development on the Rich Reviews plugin.
Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.
Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.
Some sources we reference in this week’s episode include:
- Mikey’s original research about Rich Reviews plugin zero-day vulnerability.
You can find Mikey on Twitter as @heyitsmikeyv, Mark on Twitter as @mmaunder and Kathy as @kathyzant.
Please feel free to post your feedback in the comments below.
Comments
2:51 am
my website was hacked for this plugin