HomeNewsImportant plugin flaw opens over 1,000,000 WordPress websites to RCE assaults

Important plugin flaw opens over 1,000,000 WordPress websites to RCE assaults

RCE by Twig SSTI

Twig server-side template injection (SSTI) is a sort of security vulnerability that happens when person enter is wrongly dealt with and instantly inserted right into a Twig template, a well-liked PHP templating engine. Distant code execution might be achieved when an internet software permits the person (an attacker) to inject malicious payloads into the Twig template with out correct sanitization or escaping.

“The vulnerability lies within the dealing with of shortcodes throughout the WPML plugin,” stealthcopter added. “Particularly, the plugin makes use of Twig templates for rendering content material in shortcodes however fails to correctly sanitize enter, resulting in server-side template injection (SSTI).”

Shortcodes in WordPress allow customers to simply add dynamic content material, resembling galleries, kinds, buttons, or customized content material blocks, to posts, pages, or widgets while not having to put in writing complicated code.

See also  C-suite weighs in on generative AI and security
- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular