Critical WordPress Plugin Flaw Allows Site Takeover (Security News, February 2021)
Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws.
Researchers discovered two cross-site request forgery flaws - one critical and one high-severity - in the plugin.
CSRF is a type of web flaw that allows an attacker to trick a victim's web browser into sending malicious, unauthorized requests to a site where the victim is authenticated.
"If you know a friend or colleague who is using this plugin on their site, we highly recommend forwarding this advisory to them to help keep their sites protected as these are critical and high severity vulnerabilities that can lead to full site takeover," said researchers.
The flaw is only the latest to plague a WordPress plugin.
In January, two flaws in a WordPress plugin called Orbit Fox were found that could allow attackers to inject malicious code into vulnerable websites, or take control of a website.
News URL
https://threatpost.com/critical-wordpress-plugin-flaw-site-takeover/163734/