The Latest in IT Security

800,000 WordPress sites still vulnerable to simple takeover attacks

22
Dec
2021
800,000 WordPress sites still vulnerable to simple takeover attacks

image credit: unsplash

Despite two critical flaws in a popular WordPress plugin being patched weeks ago, hundreds of thousands of webmasters are yet to deploy the update, putting their sites at risk of takeover attacks.

The “All in One” SEO WordPress plugin was vulnerable to two flaws – CVE-2021-25036, which is a critical Authenticated Privilege Escalation flaw, and CVE-2021-25037, a high-severity Authenticated SQL Injection bug.

In total, three million sites were vulnerable to the flaw. In the past two weeks, since the patch was issued by the plugin’s developers, more than two million plugins were updated, leaving some 820,000 still vulnerable.

Related posts:
  1. Tutor LMS for WordPress Open to Info-Stealing Security Holes
  2. Insecure WordPress plugin exposes thousands of sites to takeover attacks
  3. A million WordPress sites are at risk due to plugin vulnerability
  4. Serious WordPress plugin vulnerability puts thousands of sites at risk
  5. 1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses

Read More

Tags:  
Written by Techradar
0 Comments
Comments are closed.

Categories

SUNDAY, FEBRUARY 23, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments