WordPress is one of the most commonly used CMS in the world. Many blog owners, as well as several online shops, make use of this technology.
Security researchers have come across a new security vulnerability that can have massive consequences.
WordPress Plugin Poses Major Security Threat
Through this exploit, hackers can log in as an administrator without using a password.
The vulnerability in question can be found in the InfiniteWP Client.
That plugin’s code contains some flaws that the developers will hopefully address pretty quickly.
Considering how over 300,000 utilize this plugin, the consequences can be pretty dramatic if left unchecked.
This plugin is crucial to a lot of people, as it allows for the management of multiple WordPress sites in one go.
Thankfully, a patch has been released by the developers, albeit it is still up to site owners to update it accordingly.
It will probably not be the last time criminals will exploit weaknesses in WordPress plugins either.
Site owners not upgrading the plugin run the risk of someone defacing their site or simply deleting everything.
This exploit can also be used to redirect customers to fake checkout pages, or gain access to the payment information
It is the second time an passwordless admin login solution has been discovered in WP plugins in recent months.
Interestingly enough, both plugins are created by the same developer.