WordPress is one of the most popular content management systems in the world, powering millions of websites. Unfortunately, it’s also become a target for hackers who are exploiting security flaws in certain plugins to gain access to vulnerable sites. According to reports from Wordfence and other security researchers, over 11 million WordPress sites have been exposed due to an alarming vulnerability found in two plugins – File Manager and WP GDPR Compliance.
The issue was first discovered by Wordfence on April 22nd when they noticed that attackers were using a zero-day exploit against File Manager versions 6.9 and below. This plugin allows users to manage their files directly from within the WordPress dashboard without having to use FTP or cPanel, but unfortunately its code contained several vulnerabilities which allowed attackers full control over any site running an outdated version of this plugin.
WP GDPR Compliance was then identified as another vulnerable plugin after researchers noticed that attackers were exploiting a similar vulnerability in its codebase as well. This particular plugin helps website owners comply with EU data protection regulations such as GDPR (General Data Protection Regulation). It’s estimated that around 8 million websites are currently running this plugin, making them all potential targets for malicious actors looking to take advantage of these security flaws.
Fortunately both developers have since released patches for their respective plugins which address these issues; however many website owners may not be aware of these updates or may simply forget about them altogether leaving their sites open for attack even after they’ve been patched up properly. As such it’s important that everyone takes extra precautions when managing their WordPress installations and makes sure they keep everything up-to-date at all times so as not be taken advantage of by cybercriminals looking for easy targets online.
It goes without saying that keeping your software updated is essential if you want your website remain secure against potential threats like this one; however there are still some additional steps you can take beyond just patching things up regularly: make sure you only install trusted themes/plugins from reputable sources, always back up your data before making any major changes/updates, and consider investing in a good web application firewall solution if possible too! All these measures will help ensure your site remains safe no matter what kind of attacks come its way down the line!
|WordPress Plugin Exposes 11M Sites As Hackers Exploit An Alarming Security Flaw|Security|HotHardware