MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
plugin
Recherche

WordPress Anti-Spam Plugin Vulnerability Exposes 200,000 Sites to RCE Attacks

samedi 30 novembre 2024, 20:34 , par Slashdot
WordPress Anti-Spam Plugin Vulnerability Exposes 200,000 Sites to RCE Attacks
'A flaw in a WordPress anti-spam plugin with over 200,000 installations allows rogue plugins to be installed on affected websites,' reports Search Engine Journal.

The authentication bypass vulnerability lets attackers gain full access to websites without a username or password, according to the article, and 'Security researchers rated the vulnerability 9.8 out of 10, reflecting the high level of severity...'

The flaw in the Spam protection, Anti-Spam, FireWall by CleanTalk plugin, was pinpointed by security researchers at Wordfence as caused by reverse DNS spoofing... [T]he attackers can trick the Ant-Spam plugin that the malicious request is coming from the website itself and because that plugin doesn't have a check for that the attackers gain unauthorized access... Wordfence recommends users of the affected plugin to update to version 6.44 or higher.


Thanks to Slashdot reader bleedingobvious for sharing the news.

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://it.slashdot.org/story/24/11/30/1830222/wordpress-anti-spam-plugin-vulnerability-exposes-2000...

Voir aussi

plugin FrontierMath Benchmark Exposes AI Struggles in Advanced Math eWeek30 Nov
anti-spam The Guy Behind the Most Nostalgic Sites on the Internet Wired: Tech.29 Nov
vulnerability Les sites pirates ont couté 1,5 milliard d’euros au secteur audiovisuel en 2023, selon l’Arcom 01net29 Nov
attackers Canada's Antitrust Watchdog Sues Google Alleging Anti-Competitive Conduct in Advertising Slashdot28 Nov
wordpress Deux failles de sécurité majeures dans un plugin WordPress menacent (encore) des centaines de milliers de sites NetEco28 Nov
gain So you want to write a KMail plugin? OS News27 Nov
slashdot Philippines Recruits Civilian Tech Talent To Fend Off Cyber Attacks Slashdot27 Nov
access Google Vertex AI Vulnerability Exposes Customer Data — What You Need to Know eWeek27 Nov
websites Footage exposes kindergarten shoe thief as weasel BoingBoing26 Nov
affected Les blocages de sites pirates pleuvent en France Génération-NT26 Nov
flaw Ces 29 sites pirates viennent d’être bloqués en France 01net26 Nov
sites Un "anti-combat action-RPG" : les créateurs de The Invincible annoncent Dante's Ring GameKult25 Nov
exposes Le propriétaire de WordPress rachète un outil qui va vous aider à mieux écrire NetEco22 Nov
rce Google veut redorer sa réputation en frappant contre les sites parasites 01net21 Nov
attacks Manufacturing faces a wave of advanced email attacks BetaNews21 Nov
eacute Supply chain attacks up over 400 percent since 2021 BetaNews21 Nov
plugin TV Time Attacks Apple's 'Significant Power' After App Store Removal Slashdot20 Nov
anti-spam Google Deepens Crackdown on Sites Publishing 'Parasite SEO' Content Slashdot20 Nov
vulnerability Cyberattaque sur Direct Assurance ? Un pirate parle de milliers de clients et prospects exposés Zataz19 Nov
attackers WordPress 6.7 disponible : voici les nouveautés TooLinux19 Nov
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
dim. 1 déc. - 05:39 CET