Post by account_disabled on Feb 24, 2024 5:08:41 GMT
Every day there are many WordPress sites on which new plugins are installed and others are updated. And in the case of plugins affected by important vulnerabilities such as the ones we are reporting to you today, the update is not simply recommended. Unfortunately, in fact, even developers with the best intentions are not able to foresee everything that can go wrong with their software. And it is precisely for this reason that it is always important to stay informed about any patches and updates released for all the WordPress plugins that a site contains.

[Image: Vulnerabilities in some WordPress plugins, time to update.]

Speaking of plugins and updates: have you checked whether the ones you have installed on your website are really useful and do what you need? The first way to have a safe website for you and for the users who visit you is to periodically check if the platform and plugins are all updated and if you have all the necessary tools for your site to do what it should.
A plugin that you don't use but remains installed is still present and could open the door to a malicious attack.

Vulnerability found in Better Search Replace

Let's start our overview of plugins where vulnerabilities exist with Better Search Replace. The plugin, developed by WP Engine, is currently present on over a million websites built with WordPress. This is a very useful plugin when a website is moved to a new domain and there is therefore a need to check in the databases that everything is redirected correctly. The plugin has a good following and great reviews. The vulnerability, reported by WordFence, is therefore very worrying. Better Search Replace is in fact affected by a PHP Object Injection. In practice, the plugin could allow malicious actors even without authorization to insert PHP objects and, if there are other plugins or elements that create a POP chain, this vulnerability can also be exploited to delete files, collect sensitive data present in databases or insert more malicious code.
The vulnerability is rated by WordFence with a value of and the version you must have installed on your WordPress site must be , any lower version suffers from this vulnerability.

Vulnerability found in File Manager

The second vulnerability also reported by WordFence and very dangerous, given that it is classified with an concerns the File Manager plugin. In the next paragraph we will instead talk about the vulnerability found in another plugin: File Manager PRO. Don't confuse them. File Manager is a plugin developed for WordPress by mndpsingh287 with over a million active installs and great reviews. It is probably one of the most useful plugins among general utilities as it allows file management from the WordPress backend without FTP. The vulnerability is a Sensitive Information Exposure type, which means that the plugin could allow malicious actors, again as in the previous plugin examined, without authentication to extract sensitive data from the data that is uploaded and downloaded.
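The periodic check the post recommends (unused plugins, pending updates, versions below a fixed release) can be scripted. The following is an added example, not part of the original post: it assumes plugin data exported with WP-CLI's `wp plugin list --format=json`, and the sample data and the minimum versions in it are constructed placeholders, not the real patched versions.

```python
import json
import re

# Constructed sample of `wp plugin list --format=json` output (not real site data).
SAMPLE_WP_PLUGIN_LIST = """[
  {"name": "better-search-replace", "status": "inactive", "update": "available", "version": "1.0.0"},
  {"name": "wp-file-manager", "status": "active", "update": "available", "version": "2.0.0"},
  {"name": "example-gallery", "status": "active", "update": "none", "version": "3.1.4"},
  {"name": "example-forms", "status": "inactive", "update": "none", "version": "0.9"}
]"""

# Placeholder minimums: replace with the fixed versions from the vendor advisory.
# These numbers are constructed for the demo and are NOT the real patched versions.
MIN_FIXED = {"better-search-replace": "1.0.1", "wp-file-manager": "2.0.0"}


def parse_version(text):
    """Turn '1.4.10' into (1, 4, 10) so that 1.4.10 sorts above 1.4.9."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def is_below(installed, minimum):
    """True when the installed version is older than the minimum fixed version."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))  # pad so that '1.0' equals '1.0.0'
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def audit(plugin_list_json, min_fixed):
    """Return {plugin: [findings]} for every plugin that needs attention."""
    report = {}
    for plugin in json.loads(plugin_list_json):
        findings = []
        if plugin["status"] == "inactive":
            findings.append("installed but inactive: remove it")
        if plugin["update"] == "available":
            findings.append("update available")
        minimum = min_fixed.get(plugin["name"])
        if minimum and is_below(plugin["version"], minimum):
            findings.append("below fixed version " + minimum)
        if findings:
            report[plugin["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_WP_PLUGIN_LIST, MIN_FIXED).items():
        print(name + ": " + "; ".join(findings))
```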