News

Analysts found vulnerabilities in WordPress plugin that means security threat for nearly 800 000 websites

Sucuri company specialists found significnat vulnerabilities in Duplicate Page plugin. This plugin is installed and works on more than 800 000 WordPress–powered websites.

Discovered error allows to a user with minimal privileges (for instance to subscriber) implementing a side code with obtaining access to administrator’s password and other confidential information.

Problem lay in the insufficient control of user’s privileges. Sucuri specialists argue that such attack could lead to interception of site’s management.

Information security specialists assessed vulnerability score as 8.4 in DREAD scale.

Sucuri analysts informed Duplicate Page authors about the finding at the end of March and in the WordPress library already arrived 3.4 plugin version without described above flaw.

“If you are using vulnerable versions of this plugin, updating it should become your priority”, — strongly advice Sucuri specialists.

Source: https://blog.sucuri.net/2019/04/sql-injection-in-duplicate-page-wordpress-plugin.html

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

View Comments

Recent Posts

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Themoneyminutes pop-up ads (Virus Removal Guide)

Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…

1 day ago

Remove News-xcidizi pop-up ads (Virus Removal Guide)

News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Everytraffic-flow pop-up ads (Virus Removal Guide)

Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago