Get a Pentest and security assessment of your IT network.

Cyber Security

Critical Bug in WordPress Plugin Lets Hackers Execute Code

A critical security issue found in the Ad Inserter WordPress plugin allows authenticated attackers to remotely execute PHP code. The vulnerability stems from the use of the check_admin_referer() for authorization, when it was specifically designed to protect WordPress sites against cross-site request forgery (CSRF) exploits using nonces one-time tokens used for blocking expired and repeated requests. WordPress admins should update the plugin to version 2.4.22 which was released by the plugin developer within a day after being notified of the security flaw.

Source: https://www.bleepingcomputer.com/news/security/critical-bug-in-wordpress-plugin-lets-hackers-execute-code/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation