Search the Community
Showing results for tags 'wordpress'.
A critical bug in the popular Wordpress plugin wpDiscuz allow users to upload and execute code remotely. This is because of a bug in the file mime type detection that allowed any file type to be uploaded. This open up the server to remote code execution (RCE) that could result in the entire server being compromised. The vulnerability was reported to wpDiscuz's developers by Wordfence's Threat Intelligence team on June 19 and was fully patched with the release of version 7.0.5 on July 23. Since then 25.000 users have downloaded this update, leaving at least 45.000 sites still vulnerable
Two WordPress plugins, InfiniteWP Client and WP Time Capsule have been found to suffer from a critical authorization bypass bug that allows people to access a site’s backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in. Both plugins are designed to allow users to authenticate to multiple WordPress installations from one central server. That allows site owners to “perform maintenance such as one-click updates for core, plugins, and themes across all sites, backup and site restores, and activating/deactivating plugins and themes on