Podcast Episode 46: Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild
We chat with Mikey Veenstra to talk about the Wordfence Threat Intelligence team’s work tracking a series of active attacks on an unpatched vulnerability in the Rich Reviews plugin for WordPress. With an estimated 16,000 installations, attackers are targeting unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads. Mikey explains how this works and what users of Rich Reviews can do to protect themselves. Podcast recorded September 24, 2019.
Update as of September 26, 2019: Nuanced Media announced that they have discontinued development on the Rich Reviews plugin.
Some sources we reference in this week’s episode include:
- Mikey’s original research about Rich Reviews plugin zero-day vulnerability.
Please feel free to post your feedback in the comments below.