Security News > 2020 > July > Advertising Plugin for WordPress Threatens Full Site Takeovers

Advertising Plugin for WordPress Threatens Full Site Takeovers
2020-07-08 20:12

The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers.

In May for instance, Page Builder by SiteOrigin, a WordPress plugin with a million active installs that's used to build websites via a drag-and-drop function, was found to harbor two flaws that could allow full site takeover.

In March, another critical vulnerability in a WordPress plugin known as "ThemeREX Addons" was found that could open the door for remote code execution in 44,000 websites.

Two vulnerabilities - including a high-severity flaw - were patched in a popular WordPress plugin called Popup Builder.

In February, popular WordPress plugin Duplicator, which has more than 1 million active installations, was discovered to have an unauthenticated arbitrary file download vulnerability that was being attacked.


News URL

https://threatpost.com/advertising-plugin-wordpress-full-site-takeovers/157283/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 95 44 18 159
Plugin 2 0 13 1 0 14