Millions of WordPress sites potentially hijackable due to critical plugin bug

Malicious actors could leverage the vulnerability, which stems from improper error handling of the user check in the two-factor REST API action, to compromise high-privileged accounts that could then be used for additional attacks, according to Defiant, a WordPress security provider. The absence of error handling when user verification fails enables ID-based authentication and “makes it possible for threat actors to bypass authentication and gain access to arbitrary accounts on sites running a vulnerable version of the plugin,”

Source: SC Magazine
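The fail-open pattern described above, modeled as an added example; this is not the plugin's code. The handler names, the `token` field and the user table are hypothetical, and the sample data is constructed. The first handler notes a failed user check but carries on, so the caller-supplied ID alone selects the account; the second stops before any session is created.

```python
import hmac
import secrets

# Constructed sample data: user id -> role, plus the one-time token issued to
# each user after the password step of a two-factor login (an assumption).
USERS = {1: "administrator", 2: "subscriber"}
PENDING_TOKENS = {1: secrets.token_hex(16), 2: secrets.token_hex(16)}


class VerificationError(Exception):
    """Raised by the hardened handler when the user check fails."""


def check_user_token(user_id, token):
    """Return True only if `token` is the one issued to `user_id`."""
    expected = PENDING_TOKENS.get(user_id)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), str(token).encode())


def start_session(user_id):
    return {"user_id": user_id, "role": USERS[user_id]}


def handle_2fa_vulnerable(request):
    """Fail-open: the failed check is recorded but never stops the handler."""
    errors = []
    if not check_user_token(request["user_id"], request["token"]):
        errors.append("user verification failed")  # noted, then ignored
    # Execution falls through, so the supplied id alone picks the account.
    return start_session(request["user_id"])


def handle_2fa_hardened(request):
    """Fail-closed: any verification failure ends the request."""
    user_id = request.get("user_id")
    if user_id not in USERS:
        raise VerificationError("unknown user")
    if not check_user_token(user_id, request.get("token", "")):
        raise VerificationError("user verification failed")
    PENDING_TOKENS.pop(user_id)  # token is single use
    return start_session(user_id)
```

A regression test for this class of bug sends a request with a valid user ID and an invalid second-factor proof, then asserts that no session is returned.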

 

