
Analysts found vulnerabilities in a WordPress plugin that pose a security threat to nearly 800 000 websites

Specialists at Sucuri found significant vulnerabilities in the Duplicate Page plugin. The plugin is installed and active on more than 800 000 WordPress-powered websites.

The discovered error allows a user with minimal privileges (for instance, a subscriber) to inject their own code and obtain access to the administrator’s password and other confidential information.

The problem lay in insufficient checking of the user’s privileges. Sucuri specialists say that such an attack could lead to a takeover of the site’s management.

Information security specialists rated the vulnerability 8.4 on the DREAD scale.

Sucuri analysts informed the Duplicate Page authors about the finding at the end of March, and version 3.4 of the plugin, without the flaw described above, has already arrived in the WordPress library.

“If you are using vulnerable versions of this plugin, updating it should become your priority,” Sucuri specialists strongly advise.
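One way to act on that advice, as an added example (not code from Sucuri or the plugin's authors): a Python check that reads the plugin header under a WordPress root and compares its version with 3.4. The directory name `duplicate-page`, the file name `main.php` and the sample installs are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 4)           # first release without the flaw, per the article
SLUG = "duplicate-page"  # assumed plugin directory name; adjust if yours differs

# WordPress takes the version from a "Version:" line in the main file's header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def parse_version(text):
    """Return the header version as a tuple of ints, or None if there is none."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def installed_version(plugin_dir):
    """Find the top-level PHP file that carries the plugin header and read its version."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # the header sits at the top of the file
        if "Plugin Name:" in head:
            return parse_version(head)
    return None

def audit(wp_root):
    """Classify one install as absent, unknown, vulnerable or patched."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return "absent"
    version = installed_version(plugin_dir)
    if version is None:
        return "unknown"
    # Tuple comparison keeps 3.10 above 3.4, which a string comparison would get wrong.
    return "vulnerable" if version < FIXED else "patched"

def demo():
    """Audit constructed sample installs (not real sites) built in a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, version in [("old", "3.3"), ("fixed", "3.4"), ("later", "3.10"), ("none", None)]:
            root = Path(tmp) / name
            if version:
                plugin = root / "wp-content" / "plugins" / SLUG
                plugin.mkdir(parents=True)
                header = f"<?php\n/*\nPlugin Name: Duplicate Page\nVersion: {version}\n*/\n"
                (plugin / "main.php").write_text(header)  # hypothetical file name
            results[name] = audit(root)
    return results

if __name__ == "__main__":
    print(demo())
```

Point `audit()` at each document root you manage; an "unknown" result means the plugin directory exists but no readable header was found and needs a manual look.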

Source: https://blog.sucuri.net/2019/04/sql-injection-in-duplicate-page-wordpress-plugin.html

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
