Description

WordPress Plugin Facebook-this is injecting "goo.gl" spam links into the website's content, thus publicizing external websites to search engines without the authorization of the website's owner. WordPress Plugin Facebook-this version 2.5 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://blog.sucuri.net/2017/06/when-your-plugins-turn-against-you.html

Related Vulnerabilities

WordPress Plugin Shopping Cart & eCommerce Store Unspecified Vulnerability (3.1.9)

WordPress Plugin Video Posts Webcam Recorder Cross-Site Scripting (1.55.4)

WordPress Plugin GNUCommerce Cross-Site Scripting (1.4.1)

Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.11)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.153.3)

Severity

High

Classification

CWE-610 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Tags

Missing Update