Plugin banner injection vulnerability

Third attempt to post this and get around the aut0 m0derat0r.

A plugin injected a banner that contained JS that changed all the URLs within /wp-admin/. This seems like a pretty big WP security hole. I am not sure how WP fences those banners, but it looks like it may need to be tightened.

Is there a plugin that blocks advertising (external) banners from being injected into the site? I searched but I didn’t see any that were that granular.

1 Comment
  1. No, there is no plugin that prevents malicious plugins from being malicious. Only use trusted and vetted plugins.

