Get a Pentest and security assessment of your IT network.

Cyber Security

Critical WordPress Plugin Bug Allows Admin Logins Without Password

A critical authentication bypass vulnerability allows anyone to log in as an administrator user on WordPress sites running an affected version of the InfiniteWP Client. The flaw was found in the iwp_mmb_set_request function in the init.php file, a function designed to check if actions attempted by a user are authenticated. The vulnerability was patched by Revmakx, the plugin’s maker, on January 8 with the release of InfiniteWP client 1.9.4.5, one day after researchers at WebARX disclosed the vulnerability.

Source: https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bug-allows-admin-logins-without-password/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation