Image provided by Shutterstock
Recently, it has been discovered that the Appspector Extension for web browsers has been injecting JavaScript code into Search Engines. More alarmingly it has also been injecting code into WordPress Post/Page editor. The popular extension, which has since been removed from Google Chrome and Firefox, detects which technologies are being used on a website.
However, 2 weeks ago random ads started showing up after searching on Google. I just ignored them at the time but when I went to create a WordPress Post I came across a random image icon in the Visual editor display.
I switched to text view and came across a JavaScript file that had conveniently been placed at the bottom of my editor. After deleting it and saving the post again it reappeared.
I checked the Google Chrome Console, in developer tools and I saw that this file was trying to load 3 other JavaScript files which were being blocked by Chrome as an (XSS) Cross-Site Scripting attack.
On removing the appspector extension it automatically opened up another tab which tried to tell me that my flash player was out of date and started downloading a new version. No doubt If I installed it would lead to many viruses.
Having checked all of my WordPress posts and pages including drafts I only encountered it on my last published post and my projects page which I updated the same day. All posts prior to this were fine. However, I am not certain if this affects users using other Content Management Systems like Drupal or Joomla.
If you open your Developer Console in your browser ctrl+alt+i (Windows & Linux) cmd+alt+i (Mac) and check all your posts and pages that have been created or edited. If you see red in your console or any reference to any of the following.
https://worldnaturenet.xyz https://statcounter.biz http://netanalyzer.space
Open up your infected blog post/page in text view and delete the code.
Remember to save your post! Come across any other CMS that has been affected by the Appspector XSS injection? Please feel free to have your say.
Welcome to Hot Web Dev October 2024, featuring the latest technology and web development news.… Read More
In this tutorial, you’ll build a fun and interactive guessing game using Svelte 5, the… Read More
Welcome to Hot Web Dev September 2024, featuring the latest technology and web development news.… Read More
The JavaScript guessing game tutorial is a simple beginner's project. It features modern JavaScript syntax… Read More
If you have been following the monthly Hot Web Dev magazine you will find the… Read More
Welcome to Hot Web Dev August 2024, featuring the latest technology and web development news.… Read More