‫ WordPress plugin vulnerabilities affect 20 million downloads

Number: IRCNE2014072258
Date: 2014-07-20

According to “zdnet”, a new vulnerability in WordPress plugin WPTouch highlights a series of recent discoveries that critically affect active plugins downloaded and used by millions of WordPress bloggers.

Since May, security company Sucuri has found serious security holes in WordPress plugins. If you're a WordPress user and you're running any of these plugins, you'd better update them right away.

All vulnerabilities have been patched in new versions of each plugin. The various vulns can allow an attacker to use your website for phishing lures, to send SPAM, to make you an unwitting malware host, infect other sites (on a shared server), and more.

If you're admin on a WordPress install, check to see that you have the following current versions of each affected plugin:

The most recent vulnerability is in mobile plugin WPTouch, allowing attackers to upload malicious PHP files or backdoors to the target server without needing admin privileges.

The security hole found by Sucuri on Monday. The researchers specified, "This disclosure only applies to 3.x versions of WPtouch. Administrators using 2.x and 1.x versions of the plugin will not be affected by the vulnerability."

Sucuri also noted, "this vulnerability can only be triggered if your website allows guest users to register."


بدون نظر
شما برای نظر دادن باید وارد شوید


تاریخ ایجاد: 27 تیر 1393



امتیاز شما
تعداد امتیازها:0