WordPress plugins with more than 300,000 pages that use vulnerabilities are vulnerable to SQL Injection attacks
This error is found on the popular WP Statistics plugin, which allows site administrators to get detailed information regarding the number of online users on the page, visits, visitors and site statistics.
Discovered by the Sucuri team, the WP Statistics plugin is vulnerable to SQL Injection attacks, which allows remote attackers, with only one registered account, to steal sensitive information from the database. data of the website and may occupy website access.
SQL Injection is a web application error, allowing a hacker to inject SQL (Structured Query Language) code into web input data to determine the structure and location of the key database, ultimately allowing stealing information from there.
SQL Injection vulnerability may lie on many functions, including wp_statistics_searchengine_query ()
'This vulnerability is due to lack of control over the data that users provide. Some properties of shortcode wpstatistics have been omitted instead of being recognized as parameters for important functions, 'the researchers said. 'One of the vulnerable functions is the search query wp_statistics_searchengine_query () in includes / functions / functions.php file, accessed via AJAX of WordPress thanks to wp_ajax_parse_media_shortcode ().'
This function does not check for additional privileges, which allows website followers to execute shortcode and inject malicious code into properties. Researchers at Sucuri reported this error to the WP Statistics team and the group patched this vulnerability in the latest version 12.0.8. So if you are using a version with a vulnerability and your website allows users to register, quickly install the latest version.
You should read it
- Which platform is better for WordPress.com and WordPress.org?
- Critical Vulnerability Discovered in 3 WordPress Plugins, Affects 84,000 Websites
- 5 mistakes everyone mistakenly thinks about WordPress
- What's new in WordPress 5.4?
- Instructions for creating web pages in Wordpress from A to Z (Part 2)
- 5 best e-commerce WordPress plugins
- 30 best free WordPress presentation plugins (2018)
- How to add new posts on WordPress
May be interested
- Many serious vulnerabilities have been discovered that allow attackers to take full control of the 4G routerin the past few months, security experts around the world have found that many vulnerabilities exist in 4g routers.
- Top 10+ effective WordPress anti-spam plugins10+ effective wordpress anti-spam plugins, giving you an overview of each type and the benefits they bring
- Summary of popular network attacks todayfor attacks by exploiting vulnerabilities, hackers must be aware of security issues on the operating system or software and take advantage of this knowledge to exploit vulnerabilities.
- Chinese hackers use Dropbox, WordPress attacks Southeast Asiathe chinese cybercrime gang dnscalc has added dropbox and wordpress to the list of malware distribution tools. their goals are government-related individuals and organizations.
- Analyze DLL hijacking attacksin this article, i will show you the vulnerabilities in software architectures that could be vulnerable to dll hijacking, how to detect applications with vulnerabilities and how to prevent them.
- How to Prevent SQL Injection in PHPthis wikihow teaches you how to prevent sql injection using prepared statements in php. sql injection is one of the most common vulnerabilities in web applications today. prepared statements use bound parameters and do not combine...
- Add WordPress.com features to your blogwith the following tips, tipsmake.com will guide you how to install and use the handy functions of the wordpress.com website on the blog.
- Block hacker SQL Injection with ASPsql injection is a hacker 's attack tool to steal vital, vital information of vulnerable organizations and companies.
- Which platform is better for WordPress.com and WordPress.org?a commonly asked question is between wordpress.com and wordpress.org, which is the better platform. to help answer that question, today's article will conduct a comprehensive comparison of these two platforms
- Check spelling in WordPress with After the Deadlineif you are a wordpress user, this is definitely one of the indispensable tools when writing. the truth is that no one can guarantee that 100% of their posts are error-free, even those who specialize in editing sometimes have some basic errors ...