WordPress Security Details of 2 Severe Plugin Vulnerabilities
Today we have published the details of security vulnerabilities in two WordPress plugins discovered by our Threat Intelligence team.
The first is an OS command injection vulnerability in the WP Database Backup plugin. The popular plugin has over 70,000 active users according to WordPress.org. If exploited, the flaw could lead to full site takeover by attackers. The developers published a fix on April 30th.
The second is a privilege escalation vulnerability in the Slick Popup plugin, currently active on 7,000 websites. The flaw allows attackers with Subscriber-level access to create Administrator-level accounts, effectively taking over the site. We contacted the developers with the details on April 22nd, and a fix has not yet been released.
In case you missed it, we published episode 16 of the Think Like a Hacker podcast on Friday, featuring WordPress Community Manager Cami Kaos. Cami is the primary contact for the 150 WordCamps and over 600 WordPress meetups taking place around the world this year. Her efforts ensure that the volunteers contributing to community events have what they need to succeed. Cami shares her thoughts on getting started with WordPress meetups and WordCamps, challenges facing the growing community, and how to get involved.
Introducing Wordfence Central
Wordfence Central is a powerful and efficient way to manage the security for multiple sites in one place.
If you aren’t already a member, you can subscribe to our WordPress Security and Product Updates mailing list here. You’re welcome to republish this email in part or in full, provided that you mention that the source is www.wordfence.com. If you would like to get Wordfence for your WordPress website, simply go to your “Plugin” menu, click “add new” and search for “wordfence”.