WordPress Plugin Vulnerabilities
Digital Climate Strike WP <= 1.0.0 - Redirect to Malicious Website due to Compromised JS Asset
Description
The plugin loads a JavaScript asset from a remote website which seems to have been compromised. The widget.js file, loaded from https://assets.digitalclimatestrike.net/widget.js, redirects users to gladdiator[dot]io and is being flagged as malicious.
I've reported this to the plugin authors but have not heard anything back yet.
Proof of Concept
The PoC will be displayed once the issue has been remediated.
Affects Plugins
References
Classification
Type
REDIRECT
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Steve Perry
Submitter
Steve Perry
Submitter website
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2021-01-21 (about 3 years ago)
Added
2021-01-21 (about 3 years ago)
Last Updated
2021-01-22 (about 3 years ago)