Analysts found vulnerabilities in WordPress plugin that means security threat for nearly 800 000 websites

Sucuri company specialists found significnat vulnerabilities in Duplicate Page plugin. This plugin is installed and works on more than 800 000 WordPress–powered websites.

Discovered error allows to a user with minimal privileges (for instance to subscriber) implementing a side code with obtaining access to administrator’s password and other confidential information.

Problem lay in the insufficient control of user’s privileges. Sucuri specialists argue that such attack could lead to interception of site’s management.

Information security specialists assessed vulnerability score as 8.4 in DREAD scale.

Sucuri analysts informed Duplicate Page authors about the finding at the end of March and in the WordPress library already arrived 3.4 plugin version without described above flaw.

“If you are using vulnerable versions of this plugin, updating it should become your priority”, — strongly advice Sucuri specialists.

Source: https://blog.sucuri.net/2019/04/sql-injection-in-duplicate-page-wordpress-plugin.html