This vicious WordPress plugin bug could wipe your whole site

Asia's Tech News Daily

Cybersecurity researchers have helped patch a high-severity security flaw in a popular WordPress plugin that could be exploited to wipe and reset any vulnerable WordPress site.

Discovered by WordPress security firm Wordfence, the vulnerability exists in the Hashthemes Demo Importer plugin, which has more than 8,000 active installs and is designed to let admins import demos for WordPress themes with a single click.

According to Wordfence QA engineer and threat analyst Ram Gall, the flaw gives any authenticated attacker, even a subscriber-level user with minimal permissions, the ability to reset a WordPress site by deleting virtually all of its database content and uploaded media.

Improper checks

According to Gall, the vulnerability exists because the Hashthemes Demo Importer plugin failed to perform capability checks for many of its AJAX actions, so a valid request was never tied to whether the requesting user was actually authorized to perform the action.

“While it did perform a nonce check, the AJAX nonce was visible in the admin dashboard for all users, including low-privileged users such as subscribers. The most severe consequence of this was that a subscriber-level user could reset all of the content on a given site,” noted Gall.

He says that if exploited, the flaw would leave a site running the vulnerable plugin completely unrecoverable unless its owners had a proper backup.
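The bug class Gall describes is a handler that treats a nonce as if it were an authorization check. The following is an added illustration, not the Hashthemes Demo Importer's own code: a WordPress AJAX handler protected only by a nonce, beside a hardened version that also checks capability. The action names (demo_reset_vuln, demo_reset), the nonce action string (demo_importer_nonce), the script handle (demo-importer-admin) and the menu slug (demo-importer) are all hypothetical.

```php
<?php
/*
 * Added illustration of the bug class described above. NOT the plugin's
 * real code. All action names, the nonce action "demo_importer_nonce", the
 * script handle "demo-importer-admin" and the menu slug "demo-importer"
 * are hypothetical.
 */

// The destructive operation both handlers guard: delete every post, page
// and attachment (wp_delete_post on an attachment also unlinks the file).
function demo_reset_site_content() {
    $ids = get_posts( array(
        'post_type'   => 'any',
        'post_status' => 'any',
        'numberposts' => -1,
        'fields'      => 'ids',
    ) );
    foreach ( $ids as $id ) {
        wp_delete_post( $id, true ); // true = bypass trash, delete for good
    }
    return count( $ids );
}

// ---- VULNERABLE PATTERN --------------------------------------------------
// wp_ajax_{action} fires for ANY logged-in user, subscribers included.
// check_ajax_referer() only proves the request was assembled from a page
// that printed the nonce (CSRF protection); it is not an authorization check.
function demo_reset_vulnerable() {
    check_ajax_referer( 'demo_importer_nonce', 'nonce' ); // dies on bad nonce
    $n = demo_reset_site_content();                      // subscriber reaches this
    wp_send_json_success( array( 'deleted' => $n ) );
}
// Shown for contrast only; deliberately left unhooked:
// add_action( 'wp_ajax_demo_reset_vuln', 'demo_reset_vulnerable' );

// The nonce leak that makes the above exploitable: localized on every admin
// screen, so a subscriber viewing /wp-admin/profile.php can read
// demoImporter.nonce straight out of the page source and replay it.
function demo_importer_scripts_vulnerable() {
    wp_enqueue_script( 'demo-importer-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'demo-importer-admin', 'demoImporter', array(
        'nonce' => wp_create_nonce( 'demo_importer_nonce' ),
    ) );
}
// Shown for contrast only; deliberately left unhooked:
// add_action( 'admin_enqueue_scripts', 'demo_importer_scripts_vulnerable' );

// ---- HARDENED PATTERN ----------------------------------------------------
// Nonce for CSRF, then an explicit capability check for authorization.
function demo_reset_hardened() {
    check_ajax_referer( 'demo_importer_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        // wp_send_json_error() calls wp_die(), so execution stops here.
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    $n = demo_reset_site_content();
    wp_send_json_success( array( 'deleted' => $n ) );
}
add_action( 'wp_ajax_demo_reset', 'demo_reset_hardened' );

// Admin page that hosts the reset button; add_menu_page() gates it behind
// manage_options, so the page (and its nonce) is never rendered for subscribers.
function demo_importer_page() {
    echo '<div class="wrap"><h1>Demo Importer</h1>';
    echo '<button class="button button-primary" id="demo-reset">Reset site content</button></div>';
}
add_action( 'admin_menu', function () {
    add_menu_page( 'Demo Importer', 'Demo Importer', 'manage_options', 'demo-importer', 'demo_importer_page' );
} );

// Defence in depth: only emit the nonce on the plugin's own page, and only
// for users who could act on it. This narrows exposure but is NOT a
// substitute for the current_user_can() check inside the handler.
function demo_importer_scripts_hardened( $hook_suffix ) {
    if ( 'toplevel_page_demo-importer' !== $hook_suffix || ! current_user_can( 'manage_options' ) ) {
        return;
    }
    wp_enqueue_script( 'demo-importer-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'demo-importer-admin', 'demoImporter', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'demo_importer_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'demo_importer_scripts_hardened' );
```

The practical audit this suggests: for every `add_action( 'wp_ajax_…' )` in a plugin, open the callback and confirm it calls `current_user_can()` (or an equivalent role/capability test) before doing anything state-changing. A nonce check alone, or a nonce that is printed on pages low-privileged users can load, is exactly the combination Gall describes.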

Gall also notes that Wordfence first reported the issue to the plugin's developer but received no response. They then escalated it to the WordPress plugins team, which temporarily removed the plugin from the plugin directory.

A corrected version was uploaded by the plugin's developer a few days later, but Gall notes that the new version's changelog did not mention the fix.
