Multiple Reflected Cross-Site Scripting Vulnerabilities in Three WordPress Plugins Patched

The Wordfence Threat Intelligence Team recently disclosed several Reflected Cross-Site Scripting vulnerabilities that we discovered in three different plugins – Watu Quiz (installed on 5,000 sites), GN-Publisher (installed on 40,000 sites), and Japanized For WooCommerce (installed on 10,000 sites). As with all Reflected Cross-Site Scripting vulnerabilities, these could be leveraged for a complete site takeover as long as an unauthenticated attacker could successfully trick a site administrator into performing an action, such as clicking on a link or visiting a website under the attacker’s control.

All Wordfence customers, including Wordfence Premium, Wordfence Care, and Wordfence Response customers as well as those still using the free version of our plugin, are protected against any exploits targeting these vulnerabilities by the Wordfence firewall’s built-in Cross-Site Scripting protection.

Vulnerability Summaries

Description: Reflected Cross-Site Scripting
Affected Plugin: Watu Quiz
Plugin Slug: watu
Affected Versions:

Source: wordfence.com