New WordPress plugin vulnerabilities put millions of websites at risk! Users are now prompted to update their accounts
New vulnerabilities in WordPress plugins put millions of websites at risk. Various security experts have warned that these flaws could lead to massive user data leaks, allowing hackers and other cyber criminals to acquire critical data from consumers around the world.
(Photo: Photo by Joe Raedle / Getty Images)
Lt. Mike Baute of Florida’s Child Predator CyberCrime Unit speaks with people on instant messaging during the grand opening of a new CyberCrimes office on March 7, 2008 in Fort Lauderdale, Florida. One of the people on the other side of the conversation told Lt. Baute, who says he’s a 14-year-old girl, he’s a 31-year-old man and sent him a photo of himself . According to current statistics, more than 77 million children regularly use the Internet.
“These flaws allowed an attacker to export sensitive information and send arbitrary emails from a vulnerable site that could be used to phish unsuspecting users,” said cybersecurity experts at Wordfence. , a security company that develops solutions for the protection of WordPress installations.
Based on their findings, WordPress currently suffers from two vulnerabilities in the popular Ninja Forms plugin. They explained that Ninja Forms currently has over a million websites in its install base.
They added that these new security holes have surfaced because the WordPress plugin typically relies on a dangerous implementation of the user permissions verification mechanism, as explained by the security researchers involved via BestGamingProthe latest report from.
Millions of WordPress in danger!
According to Technical radarIn the latest report, the issue with WordPress plugins relates to user permissions activity. At the moment, the popular platform relies on an insecure system that only checks whether the consumer is logged in or not.
(Photo: Photo credit to read ISSOUF SANOGO / AFP via Getty Images)
A woman uses a laptop computer on April 3, 2019 in Abidjan. – According to figures from the national police’s platform for the fight against cybercrime (PLCC), nearly a hundred internet crooks were arrested in 2018 in Côte d’Ivoire, a country known for its crooks on the web, announced on April 2, 2019 the Ivorian authority for the regulation of telephony.
Also Read: ExpressVPN CIO Fines $ 1.6 Million For Spying And Hacking
Security experts explained that it couldn’t verify the correct permissions, which are typically triggered by user’s digital activity on a website.
One of the main vulnerabilities it creates is allowing account access to export all sensitive user data to a website. It just means that if you leave your account open on a certain device, people with access to that gadget could easily disclose your data without being asked for permission from the account owner.
At the moment, WordPress is just one of the victims of the growing hacking industry. In other news, Fortinet VPN has also been hit with a massive password leak. On the other hand, T-Mobile was hacked by a cybercriminal who could steal user data in just a week.
WordPress consumers are now invited to update!
Wordfence cybersecurity experts are now urging WordPress users to update their accounts.
However, there are some important details you should know before installing the latest platform security features. WordPress explained that once you upgrade your account or website, all of your files will be affected.
These include videos, photos, documents, and other records. To learn more about updating WordPress, just click on this connect.
For more updates on WordPress and other platforms affected by major security vulnerabilities, always keep your tabs open here at TechTimes.
Associated article: Father-son hacker duo are on a quest to help people recover their missing crypto after forgotten wallet passwords
This article is owned by TechTimes
Written by: Griffin davis
2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.