Vulnerability in a popular WordPress plugin: spam protection can lead to unauthorized actions


It has been found that a WordPress plugin, used on more than 200,000 websites to protect against spam, has a vulnerability that allows attackers to install additional plugins without administrator permission. The vulnerability was rated 9.8 out of 10, which reflects its high severity.
"A highly rated anti-spam firewall with over 200,000 installations was found to have an authentication bypass vulnerability that enables attackers to gain full access to websites with [...] Flaw lets attackers upload and install any plugin, including malware, granting them full control of the site."
The vulnerability was found in the Spam protection, Anti-Spam, FireWall by CleanTalk plugin. It is a flaw in the authentication check that allows attackers to get full access to websites without entering a username or password. This flaw allows attackers to install any plugin, including malicious software, giving them full control of the site 🚀.
- 📌 A major vulnerability in a popular WordPress plugin has been revealed.
- 📌 The vulnerability allows attackers to install additional plugins without the permission of the administrator.
- 📌 Detecting and eliminating this kind of vulnerability is critical for the safety of the website.
FAQ
Which plugin was affected?
The vulnerability was found in the Spam protection, Anti-Spam, FireWall by CleanTalk plugin.
How do attackers use this vulnerability?
Attackers can gain access to the website, including the ability to install additional plugins, without entering a username or password.
How can this problem be solved?
It is recommended to update the plugin to version 6.44 or above.
This article was generated using AI based on the cited material, then edited and manually checked by the author for accuracy and usefulness.
https://www.searchenginejournal.com/wordpress-anti-spam-plugin-vulnerability-hits-200k-sites/533844/