
virusword.com


Major flaw discovered in AIOS WordPress security plugin

All-In-One Security (AIOS), a popular WordPress plugin, released a patch after discovering that the plugin was logging plaintext passwords and storing them in a database accessible to website administrators.

The incident was caused by a bug introduced in version 5.1.9 of AIOS, released in May. The latest version, 5.2.0, was released to address the bug and delete the problematic data from the database.

According to the developers, the passwords were logged when users logged into a site that employed the plugin. While AIOS claims that exploiting this flaw requires high-level administrative privileges, security experts argue that storing passwords in plaintext represents a significant security risk.

For decades, industry professionals have strongly advised against storing passwords in plaintext, because anyone who breaches a website can then read that sensitive information directly. Instead, passwords should be stored using a cryptographic hash algorithm, which makes it extremely difficult for threat actors to recover the original passwords.
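As an added illustration (not code from AIOS or from this article), the Python sketch below shows the two controls this implies for a login logger: mask credential fields before an event is written, and keep only a salted, slow hash for verification. The field list, function names and sample values are assumptions; `log` and `pwd` are the field names of the standard WordPress login form.

```python
import hashlib
import hmac
import json
import os

# Field names treated as secrets (an assumed list for this sketch).
SENSITIVE_KEYS = {"pwd", "password", "pass", "passwd", "user_pass"}

def redact(value):
    """Return a copy of request data with secret fields masked at any depth."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

def log_login_event(log, username, request_data):
    """Append a login event; only the redacted request body is persisted."""
    log.append(json.dumps({"user": username, "request": redact(request_data)}))

def hash_password(password, salt=None, iterations=600_000):
    """Derive a salted PBKDF2-HMAC-SHA256 digest; store (salt, digest) only."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute the digest from the candidate and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def find_plaintext_leaks(log, known_password):
    """Audit helper: indexes of stored log rows that contain the password."""
    return [i for i, row in enumerate(log) if known_password in row]

if __name__ == "__main__":
    events = []  # stands in for the plugin's log table (constructed data)
    form = {"log": "alice", "pwd": "S3cret!pw", "extra": [{"Password": "S3cret!pw"}]}
    log_login_event(events, "alice", form)
    print(events[0])
    print("leaking rows:", find_plaintext_leaks(events, "S3cret!pw"))
    salt, digest = hash_password("S3cret!pw")
    print("verifies:", verify_password("S3cret!pw", salt, digest))
```

The same audit helper can be pointed at exported log rows after an upgrade to confirm that the cleanup actually removed previously captured values.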

Many WordPress plugins have suffered serious flaws in the past.

The bug responsible for logging plaintext passwords in AIOS was initially reported in a WordPress forum around three weeks ago. A user raised concerns about the flaw potentially causing the organisation to fail a forthcoming security review by third-party compliance auditors. In response, an AIOS representative acknowledged the bug, providing a script to clear the logged data. However, the user reported that the script did not successfully address the issue.

AIOS has since released version 5.2.0 to rectify the bug and issued an advisory emphasizing the importance of keeping plugins up to date to patch any identified vulnerabilities. Additionally, they advised users to change passwords regularly, especially if they suspect a compromise, and to enable two-factor authentication for enhanced security.

Users of AIOS are strongly urged to install the latest update as soon as possible and ensure that the log deletion process works effectively. In cases where users suspect their passwords may have been captured by a website using AIOS, they should promptly change their passwords on that site and consider changing passwords on other sites where the same password is used.

Many WordPress plugins, including WooCommerce, Advanced Custom Fields, and Elementor Pro, have been vulnerable.


Written by: Abdul Wahid
Published on: July 15, 2023

Categories: Plugins
