AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover
2022-01-25 16:22

The first issue affects the WordPress AdSanity plugin.

AdSanity Plugin Allows RCE

AdSanity is a light ad rotator plugin for WordPress.

AccessPress Themes provides multiple free and paid themes and plugins that can be used to customize WordPress-powered sites - a whopping 64 themes and 109 plugins overall, collectively accounting for 360,000 installs, according to its website.

"Anyone can write a WordPress plugin and share it with the world. WordPress and its underlying language, PHP, are often an entry-point into web technologies for many adventurous and entrepreneurial self-starters, which is a boon to the ecosystem, but a challenge to its security. I'm speaking specifically from personal experience here as WordPress was a part of my early exposure to developing websites professionally, and I personally created WordPress plugins that in hindsight were riddled with vulnerabilities."

"WordPress isn't just a blog software. Automattic - the company behind WordPress - has been silently taking over more areas of the web for years," he said.

"Any time a technology is as pervasive as WordPress it becomes a popular target for hackers because they can count on a percentage of administrators not staying on top of updates for both the core platform and WordPress plugins. We'd recommend running a security audit of WordPress and its plugins at least quarterly, and responsibly updating the software as soon as new security releases become available."


News URL

https://threatpost.com/adsanity-accesspress-plugins-wordpress-sites-takeover/177932/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 95 44 18 159