Get a Pentest and security assessment of your IT network.

Cyber Security

Critical WordPress Plugin Flaw Allows Site Takeover

NextGen Gallery plugin allows sites to upload photos in batch quantities, import metadata and edit image thumbnails. Researchers discovered two cross-site request forgery (CSRF) flaws one critical and one high-severity in the plugin. One of the flaws stems from a security function (is_authorized_request) that is used to protect its settings. Another flaw stemmed from a separate security function, validate_ajax_request, used for various AJAX actions. To exploit this flaw, an attacker would have to trick an administrator into clicking a link.

Source: https://threatpost.com/critical-wordpress-plugin-flaw-site-takeover/163734/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation