Flaw in WordPress plugin allowed unauthorized admin access, backdoors

A now-patched flaw in a popular plugin was allowing hackers to take over various WordPress sites and act as administrators, putting them in a position to cause further damage, according to Wordfence, a company that makes security software for the publishing platform. The plugin, WP GDPR Compliance, is meant to help WordPress site owners comply with Europe’s General Data Protection Regulation by automating tasks like data access requests and data deletion requests. GDPR requires that companies give their users the option to view or delete data that pertains to them. A bug in the privacy-focused plugin was exploited in the wild, Wordfence said in a report published Thursday, allowing “unauthenticated attackers to achieve privilege escalation.” The vulnerability allowed attackers to force affected WordPress sites to perform arbitrary actions, including installing new administrator accounts. Wordfence researchers said they also observed attackers installing backdoors, but it’s not clear what they’re intended to be used […]

The post Flaw in WordPress plugin allowed unauthorized admin access, backdoors appeared first on Cyberscoop.


1.5M Unpatched WordPress Sites Hacked Following Vulnerability Disclosure

WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability.