Wordfence Blog

Podcast Episode 46: Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild

This entry was posted in Podcasts on September 25, 2019 by Kathy Zant

We talk with Mikey Veenstra about the Wordfence Threat Intelligence team’s work tracking a series of active attacks on an unpatched vulnerability in the Rich Reviews plugin for WordPress, which has an estimated 16,000 installations. Attackers are targeting unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads. Mikey explains how this works and what users of Rich Reviews can do to protect themselves. Podcast recorded September 24, 2019.

Update as of September 26, 2019: Nuanced Media announced that they have discontinued development on the Rich Reviews plugin.

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Some sources we reference in this week’s episode include:

You can find Mikey on Twitter as @heyitsmikeyv, Mark on Twitter as @mmaunder and Kathy as @kathyzant.

Please feel free to post your feedback in the comments below.

1 Comment on "Podcast Episode 46: Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild"

usta September 26, 2019 at 2:51 am

My website was hacked for this plugin.
