Hackers Are Targeting A WordPress Security Flaw That Was Supposed To Have Been Fixed

[ad_1]

Researchers recently observed a known, and apparently fixed vulnerability, being abused in the wild to steal login credentials for WordPress websites.

Cybersecurity researchers from Plugin Vulnerabilities, an organization that monitors flaws in WordPress plugins, reported a hacker trying to exploit an arbitrary file viewing vulnerability in the WP Compress plugin.

WP Compress is a plugin that promises to fix slow load times by compressing the images found on the website. By improving load times, the developers say the sites will perform better in search engine rankings. This can also prevent visitors from leaving the page.

No CVE record

Table of Contents

By abusing the vulnerability, the hacker was trying to view the contents of the WordPress configuration files which, among other things, also contains the database credentials for the website.

A deeper investigation revealed that the vulnerability is being tracked as CVE-2023-6699, but the record is empty. On the National Institute of Standards and Technology website, it says “although a CVE ID may have been assigned by either CVE or a CNA, it will not be available in the NVD if it has a status of RESERVED by CVE.”

The CVE site, on the other hand, says, “This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.”

Plugin Vulnerabilities further explains that this is problematic because many IT teams rely on information from CVE to keep track of vulnerabilities. With no information provided, many websites are in the dark about the potential vulnerability they’re carrying.

However, the flaw was apparently fixed on December 13 2023. Those using the plugin should make sure they update it to version 6.10.34.

“The lack of CVE records being filled out in a timely manner is an issue that has been known to CVE for some time, but they haven’t addressed,” the researchers have stressed.

More from TechRadar Pro

[ad_2]
#Hackers #targeting #WordPress #security #flaw #supposed #fixed

Hackers are targeting a WordPress security flaw that was supposed to have been fixed

Leave a Comment Cancel reply

Product Highlight

Recent Posts

SSC all exams, links is here

India rejects Chinese assertion on QUAD, says grouping is about doing projects for benefit of people in Indo-Pacific

AAP sweeps polls, wins 102 urban bodies ahead of 2027 battle

Delhi CM Rekha Gupta conducts surprise inspection at Rohini Revenue office

‘Why do men marry if only intention is to humiliate wife and her family?’: SC’s strong remark in dowry case

Bihar Government allots Rabri Devi`s bungalow to Minister Nand Kishore Ram; RJD leader to shift to 39-Harding Road

`PM Modi personally monitoring NEET paper leak`: Centre tells Supreme Court as bench seeks explanation

Amit Shah inaugurates G-7 border outpost along Indo-Pak IB in Bhuj, says security grid strengthened in Harami Nala region

Spiciest from across the globe: This Indian city is called chilli capital of the world

`They arrest people just for show`: Aaditya Thackeray slams Maharashtra law and order over Pune illicit liquor deaths

Diplomatic moves, secret coordination: How India is getting its ships via Strait of Hormuz – Govt Explains | WATCH

Welcome

Categorys

Site Links