WordPress Anti-Spam Plugin Vulnerability Exposes 200,000 Sites to RCE Attacks

by
EditorDavid
from Slashdot on (#6SKY3)
"A flaw in a WordPress anti-spam plugin with over 200,000 installations allows rogue plugins to be installed on affected websites," reports Search Engine Journal. The authentication bypass vulnerability lets attackers gain full access to websites without a username or password, according to the article, and "Security researchers rated the vulnerability 9.8 out of 10, reflecting the high level of severity..."The flaw in the Spam protection, Anti-Spam, FireWall by CleanTalk plugin, was pinpointed by security researchers at Wordfence as caused by reverse DNS spoofing... [T]he attackers can trick the Ant-Spam plugin that the malicious request is coming from the website itself and because that plugin doesn't have a check for that the attackers gain unauthorized access... Wordfence recommends users of the affected plugin to update to version 6.44 or higher. Thanks to Slashdot reader bleedingobvious for sharing the news.

twitter_icon_large.pngfacebook_icon_large.png

Read more of this story at Slashdot.

External Content
Source RSS or Atom Feed
Feed Location https://rss.slashdot.org/Slashdot/slashdotMain
Feed Title Slashdot
Feed Link https://slashdot.org/
Feed Copyright Copyright Slashdot Media. All Rights Reserved.
Reply 0 comments