Tuesday, December 3, 2024

WordPress Sites Vulnerable to Takeover via Discontinued MiniOrange Plugins

There is a critical warning and WordPress site owners should take a look to it. It is learned that thousands of sites could be at risk of due to vulnerabilities in certain plugins. The Wordfence team at WordPress security company Defiant highlighted the dangers which are posed by discontinued MiniOrange plugins. The danger is specifically with the Malware Scanner and Web Application Firewall.

The issue has been identified as CVE-2024-2172 and the risk rating is 9.8 of 10. The plugins allow attackers to escalate their privileges to administrator status. This means unauthorized individuals could potentially change user passwords and thereafter can gain full control over affected websites.

However, the plugins were discontinued on March 7 and by then there were more than 10,000 active Malware Scanner installations and over 300 Web Application Firewall installations. Site owners are advised to delete these plugins immediately.

Well, the threat has not ended yet. Another privilege escalation vulnerability was identified in the widely used RegistrationMagic plugin and it has impacted more than 10,000 WordPress sites. It is tracked as CVE-2024-1991 and enables authenticated users to grant themselves administrative privileges.

Patch in RegistrationMagic version 5.3.1.0 provides some relief and site administrators are suggested to update their plugins to the latest versions.

It is also advised that WordPress site owners should prioritize security measures and stay informed about potential threats. It is better to exercise regular audits of plugins, prompt updates and adherence to best security practices are essential as well.

Meanwhile, plugin developers and the broader WordPress community are also suggested to remain vigilant to avoid such threats. By working together to address vulnerabilities and strengthen security measures, safeguarding of websites can easily be achieved.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Saas listing

Share your experience and write review on the Apps you have used and win gifts weekly

VBOUT

0 out of 5
Email Marketing

Pabbly Connect – API Based Automation

0 out of 5

FastComet – Web Hosting

0 out of 5

GoZen Growth – Email Marketing Software

0 out of 5

Related Articles

Orbis Research Provides Comprehensive Analysis of Bulk Email Marketing Market Trends

Bulk email marketing industry is undergoing a significant transformation. It is being driven by advancements in technology and changing consumer...
Read more
Maintaining a strong online presence is important in today’s digital era. Businesses of all sizes should have online exposure. Amid...
AI integration into social media is increasing at a rapid pace. It is reshaping how businesses and users interact online....