
Disgruntled security firm discloses zero-days in Facebook’s WordPress plugins

Time to check all your WordPress installs…:

A US-based cyber-security firm has published details about two zero-days that impact two of Facebook’s official WordPress plugins.

The details also include proof-of-concept (PoC) code that allows hackers to craft exploits and launch attacks against sites using the two plugins.


The two zero-days impact “Messenger Customer Chat,” a WordPress plugin that shows a custom Messenger chat window on WordPress sites, and “Facebook for WooCommerce,” a WordPress plugin that allows WordPress site owners to upload their WooCommerce-based stores on their Facebook pages.

The first plugin is installed by over 20,000 sites, while the second has a userbase of 200,000 — with its statistics exploding since mid-April when the WordPress team decided to start shipping the Facebook for WooCommerce plugin as part of the official WooCommerce online store plugin itself.

Since then, the plugin has garnered a collective rating of 1.5 stars, with the vast majority of reviewers complaining about errors and a lack of updates.


Original Article

Peter Glock
Over 30 years of designing, building and managing telecoms and IT services. Primarily working with large enterprise and professional services businesses in Asia, North America, continental Europe and the UK. Information security professional, secret physics nerd.
