Thursday, July 18, 2024

WordPress Admins Warned of Security Threat Posed by miniOrange Plugins

A grave security threat has emerged for WordPress sites and admins here are warned to take appropriate action. If you are currently utilizing miniOrange’s Malware Scanner or Web Application Firewall plugins, it is urged to immediately pay close attention to below information:

A critical flaw has been witnessed and uncovered lately in these plugins and these are identified as CVE-2024-2172. The vulnerability is 9.8 out of 10 and this is indication to it severity. Websites running the following versions of these plugins are at risk:

Malware Scanner (versions <= 4.7.2)

Web Application Firewall (versions <= 2.1.1)

Meanwhile, maintainers of these plugins have decided to permanently close them and it has been already in effect from March 7, 2024. However, the potential of threat still remains if a website is using outdated versions.

The vulnerability may result with a significant risk. It could allow unauthorized access to the dashboard and passwords can be easily manipulated. The exploitation could even lead to complete compromise of the WordPress site. Attackers may easily carry out malicious activities such as uploading harmful files, altering content and even redirecting visitors to malicious sites.

Another concerning security flaw has been identified in the RegistrationMagic plugin (CVE-2024-1991, CVSS score: 8.8). It is affecting all versions preceding 5.3.0.0. The flaw allows attackers to become a site administrator and make changes. This can turn up to be a serious threat to the integrity of the website.

It is highly recommended to take immediate action to safeguard WordPress sites. The first and foremost is to remove the miniOrange plugins from the websites and simultaneously ensure that they are not utilizing any vulnerable versions of the RegistrationMagic plugin.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Saas listing

Share your experience and write review on the Apps you have used and win gifts weekly

VBOUT

0 out of 5
Email Marketing

Pabbly Connect – API Based Automation

0 out of 5

FastComet – Web Hosting

0 out of 5

GoZen Growth – Email Marketing Software

0 out of 5

Related Articles

LTK Shares Insights on Battling Tech Giants in Affiliate Marketing

Affiliate marketing is a dynamic world. Major platforms such as TikTok and YouTube are gearing up with new built-in shopping...
Read more
North America is playing a key role in the global email marketing automation tools market. It is mainly due to...
A plethora of niche websites thrived under Google’s favor in 2022. They ranked well for specific keywords. They enjoyed steady...