Regístrese ahora para una mejor cotización personalizada!

Millions of websites vulnerable to hackers due to critical vulnerability in WordPress plugin

Mayo, 05, 2023 Hi-network.com

The most popular custom fields plugins in WordPress, Advanced Custom Fields and Advanced Custom Fields Pro (versions 6.1.5 and below, free and pro version), have been revealed to have a security vulnerability, dubbed CVE-2023-30777.

By tricking a privileged user into visiting the crafted URL path, this vulnerability allows any unauthenticated user to steal sensitive information, in this case, privilege escalation on the WordPress site. It's worth noting that CVE-2023-30777 can only be enabled by logged-in users with access to the plugin but can be enabled in a default installation or configuration of Advanced Custom Fields. 

The issue was discovered and reported to the maintainers on 2 May 2023. Advanced Custom Fields plugin users are urged to update to version 6.1.6.

tag-icon Etiquetas calientes: Seguridad de red ciberseguridad

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.