The Official Facebook for WordPress plugin (aka Facebook Pixel), which is designed to give Facebook another way to track our activities online, was recently fully patched to fix two serious vulnerabilities: a PHP Object Injection and a Cross-Site Request Forgery (aka CSRF to Stored XSS). Both flaws were introduced with the release of version 3.0 of the Facebook plugin.
After multiple updates, a fully patched version of the “Official Facebook for WordPress” plugin, ver. 3.0.5, was released on March 10th to fix these vulnerabilities. It can be downloaded from WordPress.org, or you may update directly from your site’s Plugins > Installed Plugins page.
For more on these vulnerabilities, including detailed examples, please visit:
Two Vulnerabilities Patched in Facebook for WordPress Plugin (c/o Wordfence Blog)
If you’re on one of our WordPress Care Plans, we’ve already taken action to protect and patch your site(s) against this flaw. No ESC! Technologies Group clients have been affected by this vulnerability.