zero day yellow pencil visual theme customizer
Chalk this one up to another irresponsible researcher.

Yep. Another zero-day exploit of a WordPress plugin announced to the world irresponsibly by a researcher.

The way this is supposed to work: Researcher finds an exploit. He notifies the plugin developer and gives said developer time to develop a patch.

Developer makes the patch and makes it available to the public. THEN the researcher makes the announcement that he discovered a vulnerability.

This asshole skipped a couple steps.

More from Wordfence:

On Monday the WordPress plugin Yellow Pencil Visual Theme Customizer was closed in the WordPress.org plugin repository. The plugin is quite popular, with an active install base of over 30,000 websites. On Tuesday a security researcher made the irresponsible and dangerous decision to publish a blog post including a proof of concept (POC) detailing how to exploit a set of two software vulnerabilities present in the plugin.

We are seeing a high volume of attempts to exploit this vulnerability. The exploits very closely resemble the POC posted by the irresponsible researcher.

Wordfence, April 11, 2019

There are at least two potential remedies available to you if you're using the Yellow Pencil plugin:

  1. Remove it and wait for a patch
  2. Get Wordfence Premium

Source: Zero-Day Vulnerability in Yellow Pencil Visual Theme Customizer Exploited in the Wild


Tags

vulnerability, WordPress, Yellow Pencil Visual Theme Customizer, zero-day

