WordPress Plugin Making Websites Vulnerable To Hackers

Many security problems start with bugs and flaws in software. An attacker does not always have to do a lot of work; sometimes an existing flaw is enough for cybercriminals to cause harm. Security researchers at Wordfence have discovered a severe flaw in a WordPress plugin. Attackers can use this flaw to create admin accounts on websites. The vulnerability is dangerous because the attacker effectively gets control of an administrator account. The flawed plugin allows the attacker to insert their own code into the website.

The plugin in question is Real-Time Find and Replace. Researchers have disclosed that hackers are using this plugin to change website code and add malicious code to the site. The plugin can be used to make any change to the content and code of a website. It is installed on a large number of websites, over 100,000 sites, which leaves attackers with a large pool of sites they could tamper with.

According to the researchers, it is a cross-site request forgery (CSRF) flaw in the plugin that allows hackers to change the code. By adding malicious code to the website, hackers create admin accounts. Attackers exploit the vulnerability by luring an administrator into following their links. Such links can be delivered in comments and emails. Researchers have marked the vulnerability as severe, and people using this plugin are advised to update it. The number of websites exposed to this plugin flaw is huge, and users can end up losing their website.
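
The article does not show the plugin's code, so the following is an added example, not Wordfence's or the plugin's own code: a hypothetical settings handler for find/replace rules in the weak shape (capability check only) next to a hardened one that verifies a WordPress nonce. All `example_far_*` names are assumptions, and the file is meant to run as a plugin inside WordPress.

```php
<?php
/* Plugin Name: Example Find/Replace Settings (hypothetical, added illustration) */
// All example_far_* names are assumptions, not the real plugin's identifiers.

// Settings form (call from a settings page callback). wp_nonce_field() embeds a
// token bound to the logged-in user and this action; a page on another origin
// cannot read or guess it.
function example_far_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_far_save">
        <?php wp_nonce_field( 'example_far_save', 'example_far_nonce' ); ?>
        <input type="text" name="find">
        <input type="text" name="replace">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Shared storage step. wp_kses_post() drops <script> and similar markup; this
// assumes replacement values never need more than post-level HTML.
function example_far_store_rule() {
    $find    = isset( $_POST['find'] ) ? sanitize_text_field( wp_unslash( $_POST['find'] ) ) : '';
    $replace = isset( $_POST['replace'] ) ? wp_kses_post( wp_unslash( $_POST['replace'] ) ) : '';
    update_option( 'example_far_rules', array( array( 'find' => $find, 'replace' => $replace ) ) );
}

// WEAK shape, deliberately not registered: the capability check also passes for
// a forged request, because the administrator's browser attaches the session
// cookie to any POST it is tricked into sending.
function example_far_save_weak() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    example_far_store_rule();
}

// HARDENED: same capability check plus nonce verification.
function example_far_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Stops with a 403 when the nonce is missing, expired or invalid.
    check_admin_referer( 'example_far_save', 'example_far_nonce' );
    example_far_store_rule();
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
add_action( 'admin_post_example_far_save', 'example_far_save' );
```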
