The Rich Reviews plugin has an actively exploited vulnerability that lets attackers inject redirects into a site, and the plugin will not be updated to fix it. Wordfence has published an advisory (reproduced below). If you have this plugin installed on your site, copy your existing reviews somewhere safe, deactivate the plugin immediately, and delete it from the site. Then switch to a reviews plugin that is still maintained and compatible with the current version of WordPress, and re-enter your reviews by hand. Because Rich Reviews will not be updated to fix this problem, remove it now: the injected code redirects visitors from your site to malicious sites (pornographic sites, among others).

Here is the release from Wordfence security.

Description: XSS Via Unauthenticated Plugin Options Update
Affected Plugin: Rich Reviews

The Wordfence Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Rich Reviews plugin for WordPress. The estimated 16,000 sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver stored cross-site scripting (XSS) payloads.

Attackers are currently abusing this exploit chain to inject malvertising code into target websites. The malvertising code creates redirects and popup ads. Our team has been tracking this attack campaign since April of this year. You can find additional research covering this attack campaign, published by us in April and again in August of this year.

The Wordfence firewall already has built-in rules that reliably block the XSS injections in this campaign, both for Premium users and those who haven’t upgraded yet. In addition to this, we have released a new firewall rule for our Premium customers to prevent attackers from making configuration changes, such as removing the need for review approval or defacing certain text elements.

This new Wordfence firewall rule prevents manipulation of the plugin’s settings and has been automatically deployed to our Wordfence Premium customers. The new rule will be released to free users in 30 days.

The plugin’s developers are aware of this vulnerability, but there is no patch currently available. Please see our notes on disclosure below. We recommend users find an alternative solution as soon as possible, or remove the Rich Reviews plugin from your site.

The vulnerability in this plugin is being actively exploited. The Wordfence team is seeing this in our attack data and our Security Services Team has assisted customers of our site cleaning service who have had their site compromised by an attacker who exploited this vulnerability.
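As an added example, not code from the Wordfence advisory or from this site's notice: a small Python scan over exported wp_options rows that flags option values carrying injected script tags, inline redirects, or obfuscation primitives of the kind the advisory describes (stored XSS delivered through an unauthenticated option update). The option names and payloads in the sample rows are constructed for the example; the rr_* names are not Rich Reviews' real option names, and the scan is a triage heuristic, not a substitute for a full site clean.

```python
import html
import json
import re
from typing import Dict, Iterable, List, Tuple

# Heuristics for stored-XSS / malvertising payloads sitting in option values.
# Labels are free text used in the report; patterns are deliberately broad,
# so expect occasional false positives on legitimate HTML-bearing options.
SUSPICIOUS_PATTERNS: List[Tuple[re.Pattern, str]] = [
    (re.compile(r"<\s*script\b", re.I), "script tag"),
    (re.compile(r"<\s*iframe\b", re.I), "iframe tag"),
    (re.compile(r"\bon(?:load|error|click|mouseover|focus)\s*=", re.I), "inline event handler"),
    (re.compile(r"javascript\s*:", re.I), "javascript: URL"),
    (re.compile(r"(?:window|document|top|self)\.location", re.I), "location redirect"),
    (re.compile(r"\b(?:eval|atob|unescape)\s*\(|String\.fromCharCode", re.I), "obfuscation primitive"),
]


def scan_value(value: str) -> List[str]:
    """Return the labels of every pattern found in one option value.

    The value is checked both raw and after HTML-entity decoding, so a payload
    stored as &lt;script&gt; is still caught. PHP-serialized arrays need no
    special handling: the payload string is stored verbatim inside them.
    """
    reasons: List[str] = []
    for candidate in (value, html.unescape(value)):
        for pattern, label in SUSPICIOUS_PATTERNS:
            if label not in reasons and pattern.search(candidate):
                reasons.append(label)
    return reasons


def scan_options(rows: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map option_name -> reasons for every row that trips at least one pattern."""
    findings: Dict[str, List[str]] = {}
    for name, value in rows:
        reasons = scan_value(value)
        if reasons:
            findings[name] = reasons
    return findings


def rows_from_wp_cli_json(text: str) -> List[Tuple[str, str]]:
    """Parse the output of `wp option list --format=json`.

    Assumed shape (an assumption of this example): a JSON array of objects
    with option_name and option_value keys.
    """
    return [(row["option_name"], str(row["option_value"])) for row in json.loads(text)]


# Constructed sample rows. The rr_* names and the payloads are invented for
# this example; they are not Rich Reviews' real option names or real attack code.
SAMPLE_OPTIONS: List[Tuple[str, str]] = [
    ("blogname", "My Site"),
    ("rr_form_title", "Leave a review"),
    ("rr_review_count_text",
     '<script src="//evil.example/ad.js"></script> reviews'),
    ("rr_settings",
     'a:2:{s:5:"title";s:7:"Reviews";s:4:"foot";'
     's:50:"<script>window.location="//evil.example/"</script>";}'),
    ("rr_thankyou", '<a href="javascript:alert(1)">thanks</a>'),
]


if __name__ == "__main__":
    for name, reasons in scan_options(SAMPLE_OPTIONS).items():
        print(f"{name}: {', '.join(reasons)}")
```

In practice you would feed `rows_from_wp_cli_json` the output of `wp option list --format=json` taken from the affected site, or pull the same columns straight from the wp_options table. A hit in an option that belongs to the plugin means the site should be treated as compromised and cleaned, not just have the plugin removed: deleting a plugin's files does not necessarily delete the options it wrote, so an injected value can keep being rendered by whatever still reads it.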


See the full post from: Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild
This entry was posted in Vulnerabilities, WordPress Security on September 24, 2019

