Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should

2020-01-15 00:15

A pair of widely used WordPress plugins need to be patched on more than 320,000 websites to close down vulnerabilities that can be exploited to gain admin control of the web publishing software.

The team at WebArx, a security firm specializing in WordPress and other CRM and publishing platforms, took credit for discovering and reporting the flaws in WP Time Capsule and InfiniteWP. Both plugins were patched earlier this month by the developer, and updates should be applied.

"Because authentication bypass vulnerabilities are often logical mistakes in the code and don't actually involve a suspicious-looking payload, it can be hard to find and determine where these issues come from," WebArx explained.

Let this serve as a reminder to admins that WordPress and all of its plugins should be included in your regular update cycles.

While patches for Windows, Acrobat, and other software get much of the press, WordPress is an extremely popular target for attackers looking to hijack sites and install things like cryptocoin miners or MageCart.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/15/update_wordpress_plugins/

#wordpress #bypassing

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	409	104	29	578