Nearly 1,000,000 WordPress websites were vulnerable to a flaw that allowed hackers to change content on different pages.
A report from Wordfence noted the vulnerability could lead to hackers altering sensitive data and potentially exploiting the website builder system.
As per the report, the websites were vulnerable through a WordPress plugin called Website Builder, developed by SeedProd, which has more than 900,000 active installations. The vulnerability involved a missing capability check in one of the plugin’s functions, allowing hackers to change the content of pages created using the plugin, such as “coming soon”, maintenance, or 404 pages.
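The bug class described above, a state-changing handler with no capability check, shown next to its corrected form. This is an added illustration, not SeedProd's code and not taken from the Wordfence report; the action name `example_save_page`, the nonce action `example_nonce`, the option `example_maintenance_html` and the choice of `manage_options` as the required capability are all assumptions.

```php
<?php
// Hypothetical plugin code written for this example (not SeedProd's source).

// BEFORE: registered on a wp_ajax_* hook, this handler runs for any
// logged-in user. Nothing checks what the caller is allowed to do, so the
// lowest-privileged account can overwrite the stored page content.
function example_save_page_unchecked() {
    $html = isset( $_POST['html'] ) ? wp_unslash( $_POST['html'] ) : '';
    update_option( 'example_maintenance_html', $html );
    wp_send_json_success();
}

// AFTER: the same handler with request-origin and authorization checks.
function example_save_page_checked() {
    // Nonce: confirms the request was issued from this site's own admin UI.
    // This is a CSRF defence only; it says nothing about the caller's role.
    check_ajax_referer( 'example_nonce', 'nonce' );

    // Capability check: the step that was missing above. Callers without
    // the capability get a 403 and the option is never written.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Restrict the stored markup to what WordPress allows in post content.
    $html = isset( $_POST['html'] )
        ? wp_kses_post( wp_unslash( $_POST['html'] ) )
        : '';
    update_option( 'example_maintenance_html', $html );
    wp_send_json_success();
}

// Only the checked handler is registered.
add_action( 'wp_ajax_example_save_page', 'example_save_page_checked' );
```

When auditing a plugin for this pattern, every `wp_ajax_*`, `admin_post_*` and REST route callback that writes data should reach a `current_user_can()` call (or a REST `permission_callback`) before the write.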
Targeting plugins
WordPress websites with versions up to 6.15.21 of the plugin installed were vulnerable, the report further stated. SeedProd has addressed it, however, and released a patch bringing the plugin up to version 6.15.22. All WordPress website owners using the plugin are advised to apply the patch immediately.
The vulnerability itself is tracked as CVE-2024-1072, and carries a severity score of 8.2/10 in the Common Vulnerability Scoring System (CVSS), making it a “high risk” flaw.
WordPress is by far the world’s most popular website builder, powering almost half (43%) of all websites on the internet. This also makes it an extremely popular target among hackers. However, WordPress is generally considered secure, as less than 1% of all known vulnerabilities on the platform target the website builder itself.
Instead, hackers usually look for flaws in plugins and addons, as many of them aren’t as thoroughly monitored, or frequently updated, as they should be. This rings particularly true for non-commercial plugins, which are often built by a single developer, and sometimes abandoned, but still widely used. Administrators are advised to always keep all of their plugins updated.