An American security company has warned against the hyping of vulnerabilities in the content management system WordPress. The warning follows reports on various websites about a vulnerability in a WordPress plug-in that was said to have exposed more than one million websites to risk.
The vulnerability was in a plug-in called WP Slim Stat. It made a "blind" SQL injection attack possible, which could allow an attacker to read information from the database. According to security firm WhiteFir Design, these types of vulnerabilities are not used in the automated attacks that most WordPress sites have to deal with. In addition, the vulnerability had already been patched at the time of the news coverage.
"The chances that the leak is abused are quite small compared to a vulnerability that allows PHP files to be uploaded to a website, which will surely be attacked," said the IT security officer. The company also criticizes the cited figure of more than 1 million websites. The plug-in in question has been downloaded over 1 million times, but that number of downloads does not mean that there are as many websites running the plug-in.
In the case of WordPress, updates to plug-ins are also counted as downloads. The number of actual users is therefore much lower than the number of downloads. According to WhiteFir Design, the media also have the opportunity to harm the security of WordPress sites. Users should always keep their plug-ins up to date, especially since developers do not always mention that they have fixed vulnerabilities.