Researchers find serious flaws in WordPress plugins used on 400k sites
19 Jan 2020, 10:13 p.m.
'Serious vulnerabilities have recently come to light in three WordPress plugins that have been installed on a combined 400,000 websites, researchers said. InfiniteWP, WP Time Capsule, and WP Database Reset are all affected.
The highest-impact flaw is an authentication bypass vulnerability in the InfiniteWP Client, a plugin installed on more than 300,000 websites. It allows administrators to manage multiple websites from a single server. The flaw lets anyone log in to an administrative account with no credentials at all. From there, attackers can delete contents, add new accounts, and carry out a wide range of other malicious tasks.'
-- source: https://arstechnica.com/information-technology/2020/01/researchers-find-seri...
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/