Thursday, July 25, 2024

WordPress Sites Vulnerable to Takeover via Discontinued MiniOrange Plugins

There is a critical warning and WordPress site owners should take a look to it. It is learned that thousands of sites could be at risk of due to vulnerabilities in certain plugins. The Wordfence team at WordPress security company Defiant highlighted the dangers which are posed by discontinued MiniOrange plugins. The danger is specifically with the Malware Scanner and Web Application Firewall.

The issue has been identified as CVE-2024-2172 and the risk rating is 9.8 of 10. The plugins allow attackers to escalate their privileges to administrator status. This means unauthorized individuals could potentially change user passwords and thereafter can gain full control over affected websites.

However, the plugins were discontinued on March 7 and by then there were more than 10,000 active Malware Scanner installations and over 300 Web Application Firewall installations. Site owners are advised to delete these plugins immediately.

Well, the threat has not ended yet. Another privilege escalation vulnerability was identified in the widely used RegistrationMagic plugin and it has impacted more than 10,000 WordPress sites. It is tracked as CVE-2024-1991 and enables authenticated users to grant themselves administrative privileges.

Patch in RegistrationMagic version 5.3.1.0 provides some relief and site administrators are suggested to update their plugins to the latest versions.

It is also advised that WordPress site owners should prioritize security measures and stay informed about potential threats. It is better to exercise regular audits of plugins, prompt updates and adherence to best security practices are essential as well.

Meanwhile, plugin developers and the broader WordPress community are also suggested to remain vigilant to avoid such threats. By working together to address vulnerabilities and strengthen security measures, safeguarding of websites can easily be achieved.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Saas listing

Share your experience and write review on the Apps you have used and win gifts weekly

VBOUT

0 out of 5
Email Marketing

Pabbly Connect – API Based Automation

0 out of 5

FastComet – Web Hosting

0 out of 5

GoZen Growth – Email Marketing Software

0 out of 5

Related Articles

Affiliate Marketing Model Fuels FASTer Way’s Growth

FASTer Way to Fat Loss has good news for affiliate marketers. It has hit a major milestone lately. It announced...
Read more
Maintaining a strong online presence is important in this digital era. Businesses should aim for it to thrive. LinkDaddy has...
The search engine optimization (SEO) sector is ever-evolving and professionals need to stay updated with current trends to maintain a...