Hide My WP, a popular WordPress security plugin, contained a serious SQL injection (SQLi) vulnerability and a security flaw that enabled unauthenticated attackers to deactivate the software.
Now patched, the bugs were discovered by Patchstack during an audit of several plugins on a customer’s website. Patchstack protects WordPress websites from vulnerabilities and runs a WordPress-focused bug hunting platform.
According to Dave Jong, CTO of Patchstack, the SQLi is pretty severe. It allows anyone to extract information from the database, and it has no prerequisites. A tool such as SQLmap could easily exploit this vulnerability.
Read More: Portswigger