Websites using WordPress need to remove these two plugins

It has been reported that a severe security vulnerability has been discovered in two WordPress plugins, Malware Scanner, and miniOrange’s Web Application Firewall. According to The Hacker News, the CVE-2024-2172 vulnerability has a critical error score of 9.8 out of 10 on the CVSS security vulnerability scoring system. Although the developer was removed from the WordPress application store on March 7, 2024, the error can still have an impact as both plugins have been installed on thousands of websites. Malware Scanner has recorded installations and activities on up to 10,000 websites. At the same time, the Web Application Firewall has been installed on 300 sites.

The vulnerability results from a lack of checks in the plugin’s code, allowing an unauthenticated attacker to arbitrarily update any user’s password and escalate privileges to admin members. This could lead to a complete website compromise. As a result, Wordfence has advised users to uninstall the plugins immediately.

Hackers with administrative rights can easily download additional plugins and malicious zip files containing backdoors and modify website posts to redirect users to other malicious websites. Addressing this issue as soon as possible is essential, as a similar plugin, RegistrationMagic, was previously reported to have a high-severity privilege escalation vulnerability that affected more than 10,000 websites.

WordPress is a popular open-source content management system used by millions of websites worldwide. According to w3techs, 43.1% of websites currently choose this CMS platform. While WordPress’s ease of use and flexibility have made it a popular choice, it’s crucial to stay vigilant and address any security vulnerabilities as soon as they are discovered to ensure the safety and security of your website.

Related posts

Google launches Gemini 2.0 – comprehensive AI that can replace humans

NVIDIA RTX 5090 can be 70% more powerful than RTX 4090?

iOS 18.2 launched with a series of groundbreaking AI features