
A nasty WordPress plugin bug could allow an attacker to register as a site administrator

Security researchers have discovered a critical but easily exploitable vulnerability in a popular WordPress plugin that can be exploited to upload arbitrary files to affected websites.

In their breakdown, researchers at Wordfence, which develops security solutions to protect WordPress installations, note that the affected plugin is installed on over 400,000 websites.

The ProfilePress plugin, formerly known as WP User Avatar, allows administrators to design user profile pages and create front-end forms for user registration. It also helps protect sensitive content and control user access.


Wordfence states that an attacker could exploit the vulnerability to register as a site administrator even if the actual administrator has disabled user registration.

Improper implementation

According to Wordfence, the ProfilePress plugin started out as a way to upload a user’s profile picture, but was recently transformed into its current form with new user login and registration capabilities.

Unfortunately, however, the new features were not properly coded and introduced a vulnerability.

For example, the plugin did not prevent users from providing arbitrary metadata during the registration process. Wordfence exploited this to escalate a user's privileges to those of an administrator.

The same could be done through the profile update feature. However, because there was no check to verify that user registration was enabled on the site, an attacker did not need to compromise an existing account and could take over the website without hassle.
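The two missing checks described above (no filtering of submitted metadata, and no check that registration is enabled) are shown here in hardened form as an added example; it is not ProfilePress or Wordfence code, and every function, constant and field name in it is hypothetical. It is plain PHP so that it runs outside WordPress, with comments marking where the WordPress options would be read.

```php
<?php
// Added example, not ProfilePress code. All names are hypothetical.

// The only profile fields a public form may store as user meta.
const EXAMPLE_ALLOWED_META = ['first_name', 'last_name', 'description'];

/**
 * Keep allowlisted scalar fields; drop everything else, including any key
 * WordPress itself uses for roles and capabilities. Dropped keys are
 * returned through $rejected so the caller can log them.
 */
function example_filter_meta(array $submitted, array &$rejected = []): array
{
    $clean = [];
    foreach ($submitted as $key => $value) {
        if (!in_array($key, EXAMPLE_ALLOWED_META, true) || !is_scalar($value)) {
            $rejected[] = (string) $key;
            continue;
        }
        $clean[$key] = trim(strip_tags((string) $value));
    }
    return $clean;
}

/**
 * Registration gate enforced on the server for every request.
 * In WordPress, $registration_open would be (bool) get_option('users_can_register')
 * and $default_role would be get_option('default_role'); neither comes from the request.
 */
function example_handle_registration(array $post, bool $registration_open, string $default_role): array
{
    if (!$registration_open) {
        return ['ok' => false, 'error' => 'registration_disabled'];
    }
    $raw = $post['meta'] ?? [];
    $rejected = [];
    $meta = example_filter_meta(is_array($raw) ? $raw : [], $rejected);
    return ['ok' => true, 'role' => $default_role, 'meta' => $meta, 'rejected' => $rejected];
}

// Constructed sample request: one expected field, one unexpected key.
$request = ['meta' => ['first_name' => ' Ada ', 'example_unexpected_key' => 'x']];
var_export(example_handle_registration($request, true, 'subscriber'));
echo PHP_EOL;
var_export(example_handle_registration($request, false, 'subscriber'));
echo PHP_EOL;
```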

Wordfence reported these vulnerabilities to ProfilePress around the end of May. The company responded quickly and fixed the bug with a patch (v3.1.4) within a few days.

To prevent attacks, users running vulnerable versions (3.0-3.1.3) are advised to update immediately.


Written by: Abdul Wahid
Published on: June 29, 2021

Categories: Plugins
