
Attn website owner! WordPress has been found to have these vulnerabilities: Here’s how to fix them:


WordPress is the backend for many websites around the world. One WordPress plugin, installed on over 1,000,000 websites, has two separate vulnerabilities. The plugin, WordPress Download Manager, is used to change the way download pages are displayed. The vulnerability was discovered by the Wordfence Threat Intelligence team and involves an attacker who achieves authenticated directory traversal. WordPress Download Manager has some protections against directory traversal, but they did not prove sufficient in this particular case.

As a result, lower-privileged, contributor-level users were able to retrieve the contents of the site's wp-config.php file by adding a new download and performing a directory traversal attack. When the download was previewed, the contents of wp-config.php were displayed in the source code of the page. Because the contents of the file are echoed out to the page source, users with author-level access can also upload files or multimedia containing malicious JavaScript and set the contents of the file to the path of the uploaded file, which results in cross-site scripting.

Prior to this, the WordPress Download Manager team patched a vulnerability that allowed users to upload files with a php4 extension and other potentially malicious files. This patch protected many configurations, but it checked only the last file extension, so an attacker could still perform a "double extension" attack by uploading a file with multiple extensions, such as info.php.png.
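The difference between checking only the last extension and checking every extension, shown as an added PHP example that is not the plugin's own code. The function names and the blocked and allowed lists are assumptions made for illustration.

```php
<?php
// Added example, not WordPress Download Manager code. All names and lists are assumptions.

// Extensions that common PHP handler configurations may execute (assumed list).
const BLOCKED_SEGMENTS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'pht'];
// Upload types this hypothetical site accepts.
const ALLOWED_FINAL = ['png', 'jpg', 'jpeg', 'gif', 'pdf', 'zip'];

// Weak check: looks only at the text after the last dot.
function last_extension_only(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, BLOCKED_SEGMENTS, true);
}

// Hardened check: allowlist the final extension and reject a blocked
// extension in any position after the base name.
function every_segment_checked(string $name): bool
{
    // A bare file name must not carry a directory part.
    if ($name === '' || strpbrk($name, "/\\") !== false) {
        return false;
    }
    $parts = explode('.', strtolower($name));
    array_shift($parts);                 // drop the base name
    if ($parts === []) {
        return false;                    // no extension at all
    }
    if (!in_array(end($parts), ALLOWED_FINAL, true)) {
        return false;                    // final extension not on the allowlist
    }
    foreach ($parts as $segment) {
        if (in_array($segment, BLOCKED_SEGMENTS, true)) {
            return false;                // e.g. the "php" in info.php.png
        }
    }
    return true;
}

// Constructed sample names; info.php.png and the php4 case come from the article.
foreach (['report.pdf', 'shell.php4', 'info.php.png', 'photo.JPG', 'a.phtml.gif'] as $name) {
    printf("%-14s last-only=%-6s every-segment=%s\n", $name,
        last_extension_only($name) ? 'accept' : 'reject',
        every_segment_checked($name) ? 'accept' : 'reject');
}
```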

The Wordfence threat intelligence team disclosed the findings to the WordPress team in May, and the developers released a patch the next day. Website owners who use WordPress are advised to update to the latest version immediately.


Written by:
Abdul Wahid
Published on:
July 31, 2021

Categories: Plugins
