Critical WordPress Plugin Bug Can Lock Admins Out of Websites

2020-04-01 18:03

A pair of security vulnerabilities in the WordPress search engine optimization plugin, known as Rank Math, could allow remote cybercriminals to elevate privileges and install malicious redirects onto a target site, according to researchers.

The Rank Math plugin also comes with an optional module that can be used to create redirects on a site.

In March, a critical vulnerability in a WordPress plugin known as "ThemeREX Addons" was found that could open the door for remote code execution in 44,000 websites.

In February, popular WordPress plugin Duplicator, which has more than 1 million active installations, was discovered to have an unauthenticated arbitrary file download vulnerability that was being attacked.

Earlier that month, a critical flaw in a popular WordPress plugin that helps make websites compliant with the General Data Protection Regulation was disclosed; it could enable attackers to modify content or inject malicious JavaScript code into victim websites.

News URL

https://threatpost.com/critical-wordpress-plugin-bug-lock-admins-out/154354/

#critical #wordpress

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	409	104	29	578
Plugin		2	0	13	0	0	13

News URL

Related news

Related vendor