Subj : Almost a million WordPress websites at risk from this security fl To : All From : TechnologyDaily Date : Fri Feb 02 2024 18:30:05 Almost a million WordPress websites at risk from this security flaw here's what you need to know to keep your site safe Date: Fri, 02 Feb 2024 18:25:36 +0000 Description: Another vulnerable plugin was found on the WordPress platform, and this one has almost a million users. FULL STORY ====================================================================== Almost a million WordPress websites were vulnerable to a flaw that allowed hackers to modify content on different pages. A report from Wordfence noted the vulnerability could lead to hackers altering sensitive data and potentially exploiting the website builder system. As per the report, the websites were vulnerable through a WordPress plugin called Website Builder, developed by SeedProd which has more than 900,000 active installations. The vulnerability involved a missing capability check in one of the plugins functions, allowing hackers to modify content on sites such as coming soon, maintenance pages, or 404 pages, created using the plugin. Targeting plugins WordPress websites with versions up to 6.15.21 of the plugin installed were vulnerable, the report further stated. SeedProd has addressed it, however, and released a patch bringing the plugin up to version 6.15.22. All WordPress website owners using the plugin are advised to apply the patch immediately. The vulnerability itself is tracked as CVE-2024-1072, and carries a severity score of 8.2/10 in the Common Vulnerability Scoring System (CVSS), making it a high risk flaw. WordPress is by far the worlds most popular website builder, powering almost half (43%) of all websites on the internet. This also makes it an extremely popular target among hackers. However, WordPress is generally considered safe, as less than 1% of all known vulnerabilities on the platform target the website builder itself. Instead, hackers usually look for flaws in plugins and addons, as many of them arent as thoroughly monitored, or frequently updated, as they should be. This rings particularly true for non-commercial plugins, which are often built by a single developer, and sometimes abandoned, but still widely used. Administrators are advised to always keep all of their plugins updated. More from TechRadar Pro This top WordPress plugin has a major security flaw - and there's no fix yet Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/almost-a-million-wordpress-websites-at- risk-from-this-security-flaw-heres-what-you-need-to-know-to-keep-your-site-saf e --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .