• WordPress users beware - these popular theme plugins have some ma

    From TechnologyDaily@1337:1/100 to All on Thu Jan 23 14:30:06 2025
    WordPress users beware - these popular theme plugins have some major security issues

    Date:
    Thu, 23 Jan 2025 14:14:09 +0000

    Description:
    A theme and a complementary plugin allowed attackers to elevate privileges
    and potentially take over WordPress sites.

    FULL STORY
    ======================================================================
    - Patchstack found two bugs in a WordPress theme and a plugin from InspiryThemes
    - The bugs were not addressed in the three latest versions
    - Users are advised to disable the products or limit new account creation

    A popular WordPress theme and plugin have been found carrying vulnerabilities that allow malicious actors to elevate their privileges to admin.

    WordPress security researchers Patchstack revealed the theme and plugin in question are called RealHomes and Easy Real Estate, both made by InspiryThemes for use in the real estate industry. The vulnerabilities are tracked as CVE-2024-32444 and CVE-2024-32555, and both have a severity score of 9.8/10 - critical. Both flaws allow malicious actors to elevate their privileges to admin, gaining full control of the WordPress site, and allowing them to install, delete, or modify plugins, tamper with the content, exfiltrate sensitive data, and more.

    Citing data from Envato Market, Patchstack says RealHomes was purchased 32,600 times, suggesting that the attack surface is quite large.

    No response from InspiryThemes

    Patchstack warned website admins to disable the resources immediately, since the bugs have been around for months and still have no patch in sight.

    The researchers also claim they tried, on multiple occasions, to get in touch with InspiryThemes and warn them about the flaws. The company allegedly did not respond to their inquiries but has, in the meantime, released three new versions for the flawed software. In all three versions, the vulnerabilities were not addressed.

    Since they are present in the newest versions as well, Patchstack urged users to disable the theme and plugin immediately, to mitigate potential risk of site takeover. Alternatively, admins could restrict user registration, since the bug cannot be exploited in an environment where new accounts cannot be generated.

    Usually, when a bug is made public, threat actors start hunting for
    vulnerable websites, since they can easily be exploited.

    WordPress plugins and themes continue to be one of the most popular targets for cybercriminals, given the website builder platform's enormous popularity around the world.
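
    The mitigation advice above (disable the theme and plugin, or close user registration) can be checked per site with WP-CLI. This is an added example, not part of the original story or Patchstack's advisory; it assumes a single-site install, WP-CLI available as `wp`, and the slugs `realhomes` and `easy-real-estate`, which are assumed directory names that may differ on your site.

```shell
#!/bin/sh
# Added example: read-only WP-CLI audit for the exposure described above
# (affected theme or plugin in use while user registration is open).
# Assumed slugs; override via environment if your install uses other names.
THEME_SLUG="${THEME_SLUG:-realhomes}"
PLUGIN_SLUG="${PLUGIN_SLUG:-easy-real-estate}"

# audit_site PATH: prints findings.
# Returns 0 = not exposed, 1 = exposed, 2 = registration state unknown.
audit_site() {
  as_path="$1"; as_affected=0
  # `wp plugin is-active` exits 0 when the plugin is active.
  if wp --path="$as_path" plugin is-active "$PLUGIN_SLUG" >/dev/null 2>&1; then
    echo "affected: plugin $PLUGIN_SLUG is active"; as_affected=1
  fi
  # Match the slug as the active theme or as the parent of a child theme.
  if wp --path="$as_path" theme list --fields=name,status --format=csv 2>/dev/null \
       | grep -Eq "^${THEME_SLUG},(active|parent)\$"; then
    echo "affected: theme $THEME_SLUG is in use"; as_affected=1
  fi
  if [ "$as_affected" -eq 0 ]; then
    echo "ok: neither component is active"; return 0
  fi
  # users_can_register is 1 when anyone can create an account.
  as_reg=$(wp --path="$as_path" option get users_can_register 2>/dev/null)
  case "$as_reg" in
    0) echo "mitigated: registration closed, components still unpatched"
       return 0 ;;
    1) echo "EXPOSED: open registration with an affected component active"
       return 1 ;;
    *) echo "unknown: could not read users_can_register"
       return 2 ;;
  esac
}

# close_registration PATH: the alternative mitigation named in the article.
close_registration() {
  wp --path="$1" option update users_can_register 0
}

# Run the audit only when a WordPress path is passed on the command line.
if [ "$#" -gt 0 ]; then audit_site "$1"; exit $?; fi
```

    Closing registration only blocks new accounts from being created; the components remain unpatched until they are disabled or fixed.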

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/wordpress-users-beware-these-popular-theme-plugins-have-some-major-security-issues


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)