
Attn website owner! WordPress has been found to have these vulnerabilities: Here’s how to fix them:

Website owners who use WordPress are advised to update to the latest version immediately.

The vulnerability was discovered by the Wordfence Threat Intelligence team and involves an attacker achieving authenticated directory traversal.

WordPress is the backend for many websites around the world. One of the WordPress plugins installed on over 1,000,000 websites has been found to have two separate vulnerabilities. The plugin, called WordPress Download Manager, is used to change the way download pages are displayed. The vulnerability was discovered by the Wordfence Threat Intelligence team and involves an attacker achieving authenticated directory traversal. WordPress Download Manager has some protections against directory traversal, but they did not prove sufficient in this particular case.

As a result, lower-level users such as contributors were able to retrieve the contents of the site's wp-config.php file by adding a new download and performing a directory traversal attack. When the download was previewed, the contents of wp-config.php were displayed in the source code of the page. Because the contents of the file are echoed out to the page source, users with author-level access could also upload a file or media item containing malicious JavaScript and set the download's file to the path of the uploaded file, resulting in cross-site scripting.

Prior to this, the WordPress Download Manager team patched a vulnerability that allowed users to upload files with a php4 extension and other potentially malicious files. This patch protected many configurations, but it checked only the last file extension, so an attacker could still perform a "double extension" attack by uploading a file with multiple extensions, such as info.php.png.
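The difference between checking only the last extension and checking every extension can be seen in the following added example, which is not code from WordPress Download Manager or from Wordfence. The function names, the extension lists and the sample filenames are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper names, not WordPress Download Manager code.

// Extensions a PHP-enabled web server may hand to the interpreter (illustrative list).
const BLOCKED_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'pht'];
// Extensions this hypothetical site accepts for downloads.
const ALLOWED_EXTENSIONS = ['png', 'jpg', 'jpeg', 'gif', 'pdf', 'zip'];

// Weak check: looks only at the final extension, so info.php.png passes.
function last_extension_check(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, BLOCKED_EXTENSIONS, true);
}

// Stricter check: the final extension must be allowlisted and no earlier
// dot-separated segment may be an executable extension.
function every_extension_check(string $name): bool
{
    $base = basename(str_replace('\\', '/', $name)); // drop any directory part
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return false; // no extension, or a dotfile such as .htaccess
    }
    $final = array_pop($parts);
    array_shift($parts); // discard the stem; what remains are inner "extensions"
    if (!in_array($final, ALLOWED_EXTENSIONS, true)) {
        return false;
    }
    foreach ($parts as $segment) {
        if (in_array(trim($segment), BLOCKED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample filenames.
foreach (['report.pdf', 'info.php4', 'info.php.png', 'photo.v2.jpg', '.htaccess'] as $name) {
    printf("%-14s last-only=%-6s every=%s\n", $name,
        last_extension_check($name) ? 'accept' : 'reject',
        every_extension_check($name) ? 'accept' : 'reject');
}
```

Only the stricter check rejects info.php.png; both checks reject info.php4.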

The Wordfence threat intelligence team disclosed the findings to the WordPress team in May, and the developers released a patch the next day. Website owners who use WordPress are advised to update to the latest version immediately.


Written by:
Abdul Wahid
Published on:
July 31, 2021

Categories: Plugins
