WordPress security plugin Hide My WP addresses SQL injection


Hide My WP, a popular WordPress security plugin, contained a serious SQL injection (SQLi) vulnerability and a security flaw that enabled unauthenticated attackers to deactivate the software.

Now patched, the bugs were discovered during an audit of several plugins on a customer’s website by Patchstack, which protects WordPress websites from vulnerabilities and runs a WordPress-focused bug hunting platform.

According to Dave Jong, CTO of Patchstack, the SQLi is pretty severe. It allows anyone to extract information from the database, and it has no prerequisites. A tool such as SQLmap could easily exploit this vulnerability.

Read More: Portswigger
