Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should
2020-01-15 00:15

A pair of widely used WordPress plugins need to be patched on more than 320,000 websites to close down vulnerabilities that can be exploited to gain admin control of the web publishing software.

The team at WebArx, a security firm specializing in WordPress and other CRM and publishing platforms, took credit for discovering and reporting the flaws in WP Time Capsule and InfiniteWP. Both plugins were patched earlier this month by the developer, and updates should be applied.

"Because authentication bypass vulnerabilities are often logical mistakes in the code and don't actually involve a suspicious-looking payload, it can be hard to find and determine where these issues come from," WebArx explained.

Let this serve as a reminder to admins that WordPress and all of its plugins should be included in your regular update cycles.

While patches for Windows, Acrobat, and other software get much of the press, WordPress is an extremely popular target for attackers looking to hijack sites and install things like cryptocoin miners or MageCart.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/15/update_wordpress_plugins/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 95 44 18 159