1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This critical WordPress plugin flaw could let hackers hijack your

    From TechnologyDaily@1337:1/100 to All on Tue Feb 28 14:15:03 2023
    This critical WordPress plugin flaw could let hackers hijack your website

    Date:
    Tue, 28 Feb 2023 14:03:16 +0000

    Description:
    Two WordPress plugin flaws discovered and patched, but hackers are still out there abusing them.

    FULL STORY ======================================================================

    Researchers have discovered two high-severity vulnerabilities in a popular WordPress theme and plugin that could allow threat actors to completely take over the affected websites.

    Cybersecurity experts from Patchstack uncovered two flaws in a premium add-on used mostly for real-estate websites. The $69 theme is called Houzez, and reportedly has more than 35,000 customers.

    The two vulnerabilities are now tracked as CVE-2023-26540 and CVE-2023-26009. Both are rated 9.8 - critical, and both allow for the elevation of
    privileges, from a remote location - no authentication required. Used in the wild

    To make matters even worse - both are being actively used in the wild.

    The vulnerability in the theme and plugin is currently exploited in the wild and have seen a large number of attacks from the IP address 103.167.93.138 at the time of writing, Patchstack warned.

    The flaws are hardly new, too. Roughly half a year ago, after the researchers first reached out to the themes vendor - ThemeForest - a patch for one of the flaws was released, bringing the theme up to version 2.6.4. In November last year, the vendor patched the second flaw as well, bringing Houzez to version 2.7.2. Read more

    WordPress plugin vulnerability exposed millions of websites to attack


    Thousands of WordPress sites at risk from online course plug-in flaw


    Check out the best firewalls around

    As usual, users are advised to apply the patch immediately and avoid the risk of being targeted by cybercriminals.

    WordPress is the worlds most popular website hosting platform, and as such,
    is a popular target for hackers. But the platform is generally perceived as secure - its the countless themes and add-ons that hackers often manage to exploit.

    The themes and add-ons, which can be acquired either directly via WordPress, or through vendor website, offer basically infinite customization options. They are split into free and commercial categories, and while paid options
    are usually frequently updated and maintained, free versions are sometimes abandoned. That being said, they dont get the necessary patches on time and provide hackers with ample opportunities to compromise the website, steal its data, redirect visitors elsewhere, and do all other sorts of malicious activities. Here's our list of the best endpoint protection tools right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-critical-wordpress-plugin-flaw-could-let-h ackers-hijack-your-website


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)