PTA warns about security risks in WordPress plugins

The Pakistan Telecommunication Authority (PTA) has issued a cybersecurity warning for website owners and developers, alerting them about serious security issues found in several WordPress plugins used across the country.

According to the advisory, multiple Cross-Site Request Forgery (CSRF) flaws have been discovered in plugins like MetricThemes Munk Sites, FancyWP Starter Templates, OneStore Sites, WP Keyword Monitor, URL-Preview-Box, Vignette Ads, Show Notice or Message on Admin Area, WP Social Stream, and WP Admin Custom Page. These weaknesses could allow hackers to perform unauthorized actions using a logged-in user’s account.

PTA also warned that some of these vulnerabilities could lead to Stored Cross-Site Scripting (XSS) attacks, which can damage websites, steal sensitive data, or inject harmful code. The authority marked the threat as high risk, urging immediate action.

Website owners and developers are advised to update all affected plugins, follow WordPress security guidelines, and limit admin access to trusted users only. Installing reliable security plugins can also help detect and block CSRF and XSS attacks.

PTA further emphasized that both user awareness and developer responsibility are crucial for keeping websites secure. It recommended using CSRF tokens (nonces), training staff to recognize phishing attempts, and practicing safe browsing habits.

Read More: Islamabad reopens all routes after extended blockages