WordPress Autoptimize plugin vulnerability disrupts +1 Million sites

WordPress optimization plugin Autoptimize recently came up with its update to fix a Stored XSS vulnerability. Publishers who are using the Autoptimize plugin, need to update it immediately to reduce the possibility of exposure to hacking.

A Stored Cross-Site Scripting vulnerability takes place when the software has a flaw. However, this flaw allows the hacker to upload a malicious file that can attack someone else who visits the site.

There are various kinds of stored XSS vulnerabilities. It is not at all clear which kind is this. However, based on where the malicious file is getting upload, this vulnerability can become problematic. This can be much vulnerable for those who are visiting the site with the admin privileges and receiving the payload. It can lead to a complete site takeover.

As per the United States Government National Institute of Standards and Technology, a US Commerce Department website defines cross-site scripting. It is also a vulnerability that allows the attackers to inject malicious code into a benign website.

These scripts usually acquire the permissions for the scripts generated from the target website. It can also compromise the confidentiality and the integrity of the data transferring between the client and the website.

Websites become vulnerable as they display the users the supplied data from the requests or forms without the data sanitization. This is having the name of a stored XSS vulnerability. However, the malicious file gets stored on the website itself.

The description of the vulnerability says that The Common Vulnerability Scoring System is working as the open framework. It works for the communicating of the characteristics and with the severity of the software vulnerabilities.

This vulnerability is affecting the Autoptimize plugin, known as the Authenticated stored XSS vulnerability. It means that the hacker must log in to the site to take advantage of this flaw. This may be due to contributing reasons or for why the severity level of the Autoptimize WordPress Plugin has been rated as medium. It has a 5.4 score on a scale of 1-10.