Computer Security Incident Response Team of Mauritius (CERT-MU)

VN-2019-25


WordPress Richview Zero Day Vulnerability
Severity Rating: High
Systems Affected:
  • WordPress Richview
Description
A vulnerability has been identified in the WordPress plugin Rich Reviews, which can be exploited by remote attackers to deliver stored cross-site scripting (XSS) payloads. The vulnerability exists because of two core issues in Rich Reviews: first, a lack of access controls for modifying the plugin's options, and second, a subsequent lack of sanitization on the values of those options. Consequently, malvertisements can be injected, causing pop-up ads and redirects to appear on sites using the plugin.
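A defensive check for the condition described above, as an added example that is not part of the CERT-MU advisory or the plugin's code: it scans exported option values for active content of the kind stored XSS leaves behind. The option names, the `example_reviews_` prefix and the sample values are constructed; the advisory does not name the affected options.

```python
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Collects markup that a plain-text plugin setting should never contain."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def audit_options(options, prefix):
    """Return {option_name: [findings]} for options whose name starts with prefix."""
    flagged = {}
    for name, value in options.items():
        if not name.startswith(prefix):
            continue
        finder = ActiveContentFinder()
        finder.feed(str(value))  # serialized PHP arrays are scanned as raw text
        finder.close()
        if finder.findings:
            flagged[name] = finder.findings
    return flagged


# Constructed sample: option names, prefix and values are hypothetical.
SAMPLE_OPTIONS = {
    "example_reviews_title": "Leave a review",
    "example_reviews_options": 'a:1:{s:6:"footer";s:50:"<script src="//ads.example.invalid/p.js"></script>";}',
    "example_reviews_thanks": '<img src="x.png" onerror="this.src=\'//ads.example.invalid/a.gif\'">',
    "blogname": "My site <b>news</b>",
}

if __name__ == "__main__":
    for option, findings in audit_options(SAMPLE_OPTIONS, "example_reviews_").items():
        print(option, "->", "; ".join(findings))
```

Any flagged option on a site that ran the plugin indicates the settings were modified and should be reviewed before and after the plugin is removed.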
Solution
The vendor has discontinued all active support and development of Rich Reviews. Users are advised to remove the plugin from their sites immediately.
Vendor Information
WordPress
References
SC Magazine
WordFence
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis