Last month, a stored cross-site scripting (XSS) flaw was patched in version 5.2.0 of the popular WordPress plugin Abandoned Cart Lite For WooCommerce. A lack of sanitation on both input and output allows attackers to inject malicious JavaScript payloads into various data fields, which will execute when a logged-in user with administrator privileges views the list of abandoned carts from their WordPress dashboard.
At this time, any WordPress sites making use of the plugin are advised to update to the latest available version as soon as possible.
It's important to log in to your site regularly and update your plugins and Wordpress software.
Wednesday, March 13, 2019
