+1 Million Sites Affected With WordPress Autoptimize Plugin Vulnerability – May 2021 Update

The WordPress Autoptimize optimization plugin was recently updated to fix a stored Cross-Site Scripting (XSS) vulnerability.

Publishers using this plugin should update it immediately to reduce the risk of the flaw being exploited.

Stored XSS Vulnerability

A stored Cross-Site Scripting (XSS) vulnerability is a flaw that lets an attacker inject script into content the site saves (a setting, a comment, a post field) so that it is served to, and executed in the browsers of, other users who later view the affected page.

There are many variants of stored XSS, and it is not clear from the advisory which one this is.

The impact depends on where the stored payload is rendered. It is particularly serious when a user with administrator privileges opens the affected page: the script then runs in the administrator's browser with the administrator's session, and anything the administrator can do (create users, install plugins, edit files) the script can do, which can lead to the entire site being taken over.
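The pattern described above, as an added example that is not Autoptimize's code: a low-privileged user submits a value, the site persists it, and an administrator-only page later renders it. The setting name, function names and payloads are hypothetical. The vulnerable renderer interpolates the stored string into HTML unchanged; the hardened path sanitises on write and, more importantly, escapes on output. The check at the end parses the rendered markup instead of grepping it, because an escaped payload still contains the literal text `onfocus=` while no longer being an attribute.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample inputs: what an attacker holding a low-privileged account
# might type into a plugin setting. Hypothetical, not taken from the advisory.
TEXT_PAYLOAD = "Welcome<script>alert(document.domain)</script>"
ATTR_PAYLOAD = '" onfocus="alert(document.domain)" autofocus="'


def save_setting_vulnerable(store: dict, value: str) -> None:
    """Persist the submitted value verbatim, as a careless settings handler would."""
    store["banner_text"] = value


def save_setting_hardened(store: dict, value: str) -> None:
    """Sanitise on write: strip tags and surrounding whitespace, a rough analogue
    of WordPress' sanitize_text_field(). Note that this does nothing to
    ATTR_PAYLOAD, which contains no tags at all."""
    store["banner_text"] = re.sub(r"<[^>]*>", "", value).strip()


def render_settings_page(value: str, escape_on_output: bool) -> str:
    """Admin-only page that echoes the stored value twice: inside an attribute of
    the settings form and as a text preview. With escape_on_output=False the
    value is interpolated as-is (the vulnerable pattern); with True it is
    HTML-escaped, quotes included, so neither context can be broken out of."""
    if escape_on_output:
        value = html.escape(value, quote=True)
    return (
        f'<form><input type="text" name="banner_text" value="{value}"></form>'
        f'<p class="preview">{value}</p>'
    )


class _ActiveContentCollector(HTMLParser):
    """Record what a browser would actually execute in the rendered markup."""

    def __init__(self) -> None:
        super().__init__()
        self.script_tags = 0
        self.event_handlers = []  # (tag, attribute) pairs such as ("input", "onfocus")

    def handle_starttag(self, tag, attrs) -> None:
        if tag == "script":
            self.script_tags += 1
        for name, _ in attrs:
            if name.startswith("on"):
                self.event_handlers.append((tag, name))


def active_content(doc: str) -> dict:
    """Parse rather than grep: an escaped payload still contains the text
    'onfocus=', but there it is attribute data, not an attribute."""
    collector = _ActiveContentCollector()
    collector.feed(doc)
    collector.close()
    return {"script_tags": collector.script_tags,
            "event_handlers": collector.event_handlers}


def simulate(payload: str, sanitize_on_save: bool, escape_on_output: bool) -> dict:
    """Run one attacker submission through save and render, and report what the
    administrator's browser would execute when the page is opened."""
    store = {}
    if sanitize_on_save:
        save_setting_hardened(store, payload)
    else:
        save_setting_vulnerable(store, payload)
    return active_content(render_settings_page(store["banner_text"], escape_on_output))


if __name__ == "__main__":
    for payload in (TEXT_PAYLOAD, ATTR_PAYLOAD):
        for sanitize, escape in ((False, False), (True, False), (True, True)):
            print(f"sanitize={sanitize} escape={escape}: {simulate(payload, sanitize, escape)}")
```

Running it shows the point that matters for a plugin review: stripping tags on save neutralises the `<script>` payload but leaves the attribute break-out intact, because that payload never contained a tag. Only escaping at the point of output, with quotes escaped for the attribute context, removes both.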

Vulnerability Rating

Vulnerabilities are rated using an open standard, the Common Vulnerability Scoring System (CVSS).

The score quoted here uses CVSS version 3.1.

The Autoptimize issue is described as an authenticated stored XSS vulnerability, which means an attacker needs a logged-in account on the site to plant the payload. The article does not state which user role is required; that detail matters, because a site that lets visitors register as subscribers or contributors has far more accounts that could be abused than one with only trusted editors.

The vulnerability has been rated Medium, with a CVSS 3.1 base score of 5.4 on the 0.0 to 10.0 scale (4.0 to 6.9 is Medium).

Autoptimize Changelog

A changelog is the record of the changes made in each release of the software.

It usually lists a version number, sometimes the release date, and the changes included in that update; checking it is the quickest way to confirm that the version installed on a site is the patched one.

Although the severity is rated "medium", every publisher using this plugin should update to the patched version immediately. A medium CVSS score measures the bug in isolation; once the payload runs in an administrator's browser, the practical outcome can be full control of the site.

Sources:

Documentation of Autoptimize Vulnerability at Patchstack Security Site

Official Autoptimize Changelog
