Researchers find “severe” flaw in WordPress plugin with 1 million installs

More than 1 million websites running the WordPress content management system may be vulnerable to hacks that allow visitors to snatch password data and secret keys out of databases, at least under certain conditions.

The vulnerability stems from a "severe" SQL injection bug in NextGEN Gallery, a WordPress plugin with more than 1 million installations. Until the flaw was recently fixed, NextGEN Gallery allowed input from untrusted visitors to be included in WordPress-prepared SQL queries. Under certain conditions, attackers can exploit the weakness to pipe powerful commands to a Web server's backend database.

"This is quite a critical issue," Slavco Mihajloski, a researcher with Web security firm Sucuri, wrote in a blog post published Monday. "If you're using a vulnerable version of this plugin, update as soon as possible."

from TechFishNews http://ift.tt/2m4toIf
