Vulnerability in WP Bakery plugin affected millions of WP sites

We know that WordPress has quickly become the most used platform all over the world and the simple reason is that it is quite simple as well as offers everything you need from a great content management system along with an excellent frontend that can be customized to anyone’s liking. This is what we need to have on every website and WordPress provides that to anyone and everyone for FREE. On the other hand, it is also worth noting that there are plugins for WordPress that help in doing the job so much better.

However, the problem with plugins is that most of them are made by third-party developers which means there is a chance that some of them might get hacked and cause problems for a website. Recently, we have started seeing the cases of WordPress websites getting hacked soar and that is partly due to the pandemic as well. Also, the cases of plugins getting hacked have also become common and that users are told to either update or remove those plugins as soon as possible.

One such issue has been detected right now from a very popular WordPress plugin named WP Bakery which is a page builder and helps you customize the frontend of your website to your liking. Researchers say that vulnerability found in WP Bakery

“allows an attacker to inject malicious JavaScript into pages and posts. The vulnerability allows an attacker to inject code into pages and posts that then attacks site visitor browsers”

It is worth noting that the most common type of WordPress vulnerabilities are XSS problems which are also known as cross-site scripting and this one is an authenticated stored cross-site scripting vulnerability where the attacker places a script inside the victim’s site with the help of website credentials that can be acquired through some methods.