Authentication bypass bugs in 3 plugins make 400,000 websites vulnerable

Researchers have discovered authorization bypass bugs in three WordPress plugins, leaving a total of 400,000 WordPress websites vulnerable to cyber attacks. The affected plugins are InfiniteWP Client, WP Time Capsule and WP Database Reset.

InfiniteWP Client

InfiniteWP Client is affected most severely by the authentication bypass bug. This plugin lets admins manage multiple websites from a single server, so an attacker who abuses the bug gains immediate access to all of those websites. With over 300,000 active installations, InfiniteWP Client also has the largest reach of the three plugins.

Do you use the InfiniteWP Client plugin and run version 1.9.4.4 or lower? Then you must update to version 1.9.4.5 as soon as possible.

 

WP Time Capsule

WP Time Capsule is a plugin that makes it easy to make backups of your website data. The free version of the plugin is active on more than 20,000 WordPress websites.

Do you use the WP Time Capsule plugin? Version 1.21.16 contains a patch, so it is best to update immediately if you are running an older version.

 

WP Database Reset

WP Database Reset makes it possible to reset the WordPress database with just a few clicks. The bug allows malicious users to remove all data from an affected website, including pages, blog posts, users and settings. A second vulnerability in this plugin allows any logged-in user, even one with limited privileges, to obtain admin privileges and thus lock out all other users. WP Database Reset has more than 80,000 active installations.

To prevent the above problem, it is recommended to immediately update the plugin to version 3.15; this update contains patches for both bugs.
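The version checks for all three plugins can be automated across a fleet of sites. The script below is an added example, not code from the article or from the plugin authors: it reads a plugin inventory in the CSV form produced by `wp plugin list --fields=name,version --format=csv` and flags installs older than the fixed releases named above. The plugin directory slugs and the sample inventory are assumptions constructed for illustration.

```python
import csv
import io
import re

# Fixed releases as stated in the article. The directory slugs are assumptions;
# confirm them against your own `wp plugin list` output.
PATCHED = {
    "iwp-client": "1.9.4.5",             # InfiniteWP Client
    "wp-time-capsule": "1.21.16",        # WP Time Capsule
    "wordpress-database-reset": "3.15",  # WP Database Reset
}

def parse_version(text):
    """Turn '1.9.4.4' into (1, 9, 4, 4); a part with no leading digits counts as 0."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)

def is_older(installed, fixed):
    """Numeric comparison, so 1.21.9 sorts before 1.21.16 (a string compare would not)."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def audit(inventory_csv):
    """Return (slug, installed, fixed) for every tracked plugin below its fixed release."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        slug = row["name"].strip()
        fixed = PATCHED.get(slug)
        if fixed and is_older(row["version"], fixed):
            findings.append((slug, row["version"].strip(), fixed))
    return findings

# Constructed sample inventory, not data from a real site.
SAMPLE = """name,version
iwp-client,1.9.4.4
wp-time-capsule,1.21.9
wordpress-database-reset,3.15
akismet,4.1.3
"""

if __name__ == "__main__":
    for slug, have, need in audit(SAMPLE):
        print(f"{slug}: {have} installed, update to {need} or later")
```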

 

Want to know more about these authentication bypass bugs?

The good news is that there are as yet no reports of abuse of the vulnerabilities in these plugins. If you want to know more about the authentication bypass bugs, you can consult this blog post on Wordfence.com.
