WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

2024-03-18 09:46

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. It impacts the following versions of the two plugins - Malware Scanner (versions <= 4.7.2) Web

News URL

https://thehackernews.com/2024/03/wordpress-admins-urged-to-remove.html

#critical #wordpress #CVE-2024-2172

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-03-13	CVE-2024-2172	The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web Application Firewall).	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	408	104	29	577
Miniorange		21	6	17	11	5	39

News URL

Related news

Related Vulnerability

Related vendor