WEST PALM BEACH, FL – At 3:47 PM today, the Threat Intelligence Team from WordFence, posted research detailing a vulnerability in The Official Facebook Chat Plugin, currently installed on over 80,000 WordPress websites. This vulnerability allowed authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites.
We initially reached out to Facebook on June 26, 2020 and included the full disclosure details at the time of reaching out. They initially responded on June 30, 2020, and after much back and forth, Facebook released a patch on July 28, 2020. We highly recommend updating to version 1.6 immediately to keep your site protected against any attacks attempting to exploit this vulnerability.
The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware. Real-time IP Blacklisting, Firewall Rule Updates and Real-time Malware Signature Updates are available for premium paid users.
About The Author: John Colascione is Chief Executive Officer of Internet Marketing Services Inc. He specializes in Website Monetization, is a Google AdWords Certified Professional, authored a ‘how to’ book called ”Mastering Your Website‘, and is a key player in several Internet related businesses through his search engine strategy brand Searchen Networks®