CyberNews Briefs

WordPress Plugin Flaw Allows Attackers to Forge Emails

More than 100,000 WordPress sites are affected by a critical flaw in a plugin called Email Subscribers and Newsletters by Icegram. The plugin allows websites to send emails and newsletters to subscribers securely and efficiently; however, the high-severity flaw in it is now being exploited by threat actors to perform email compromise.

According to the security researchers at Tenable who uncovered the flaw, a remote attacker could leverage it to send forged emails to the recipients on the plugin's subscriber lists. The attacker would not need to be authenticated and would be able to choose the subject and content of the outgoing messages. In an advisory posted on Thursday, Tenable states that all users should upgrade the plugin to version 4.5.6 or higher.

OODA Analyst
