Plugin vulnerability finders tell WordPress users to update asap
Three WordPress plugins have been picking up quite the glare of attention this month after researchers found serious vulnerabilities in them—and the numbers are sobering, in that these plugins have been installed on more than 400,000 websites—with users too wide open for cyberattacks to ignore. The three plugins in the spotlight were InfiniteWP, WP Time Capsule, and WP Database Reset plugins.
ZDNet was one of the tech watching sites to prod readers to action: "If you use these plugins you should update immediately as firewall l protection will not work." HotHardware's Brittany Goetting offered some more grim numbers. There are over 50,000 plugins to go round and not all are created equal, she wrote. Out of the three in the spotlight, one may as well begin with the authentication bypass vulnerability in the InfiniteWP Client. Naked Security described it as a tool that allows admins to manage multiple WordPress sites from the same interface.
Administrators overseeing sites use InfiniteWP Client. At least 300,000 of sites could have been affected by the vulnerability, Goetting said. The plugin, it was found, lacked certain authorization checks. "You are vulnerable if you are using InfiniteWP Client versions up to 184.108.40.206, and as a result users of the plugin should update their sites to version 220.127.116.11 as soon as possible," she wrote.
|Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)|
|Thread||Thread Starter||Forum||Replies||Last Post|
|Microsoft forcing users to update to Windows Phone 7.5 - TechRadar UK||News||News||0||26-04-2012 10:20 PM|
|HSL Announce Direct Availability of Femtocells to Mobile Users||newsprovider||News||0||28-08-2009 1:25 PM|
|Mobile broadband via laptop users to reach 418m worldwide in 2017, LTE users to reach||newsprovider||News||0||15-07-2009 4:49 PM|
|YouTube for Mobile Update Brings Happiness to Millions of Users - Enews 2.0||News||News||0||27-01-2008 10:40 PM|
|Mobile Blogging Plug-In Available for Wordpress Users - Information Week Weblog||News||News||0||02-05-2007 5:53 AM|