fbpx

The Official Facebook Chat Plugin Created Vector for Social Engineering Attacks

On June 26, 2020, our Threat Intelligence team discovered a vulnerability in The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites. This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites.

We initially reached out to Facebook on June 26, 2020 and included the full disclosure details at the time of reaching out. They initially responded on June 30, 2020, and after much back and forth, Facebook released a patch on July 28,

This post was originally published on this site

GET UP TO $500K IN BUSINESS FUNDING

Pin It on Pinterest

Share This
Xiphos Web Marketing

FREE
VIEW