Episode 46: Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild

We chat with Mikey Veenstra to talk about the Wordfence Threat Intelligence team's work tracking a series of active attacks on an unpatched vulnerability in the Rich Reviews plugin for WordPress. With an estimated 16,000 installations, attackers are targeting unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads. Mikey explains how this works and what users of Rich Reviews can do to protect themselves. Podcast recorded September 24, 2019.