WordPress Vulnerable to Malicious Attacks!

WordPress Vulnerable to Malicious Attacks! According to researchers at  RIPS Technologies , a security analysis company, the core function...

WordPress Vulnerable to Malicious Attacks!

According to researchers at RIPS Technologies, a security analysis company, the core functions of WordPress execute a vulnerability, which may allow limited-privileged users and account hackers to not only run arbitrary/random code on the server, but also to delete important files. While it may sound trivial, these malicious acts can potentially lead to the entire website being hijacked. 

Although the researchers claim that they informed the management of the said domain a few weeks ago regarding the flaw, still no action has been taken against it, and the latest version of WordPress, i.e. 4.9.6, continues to be affected by it. 

The susceptibility lies in the “core deletion function” of the website, which accepts “unsanitized” user input. If interfered with, this could allow attackers to delete any file from the website, including the critical ones, like “.htaccess” and “wp-config.php” ones. The danger can somewhat be reduced by demanding an author account for deletion purposes, but this still cannot fully eliminate the issue. This is because the invader may get access to the credentials of the said account via phishing or other attacks. 

The problem arises when .htaccess files are erased. Holding security related configurations, their deletion would disable protection from the site. Moreover, the removal of wp-config.php would force the website back to the installation screen, enabling the hacker to reconfigure the browser, update credentials (since he/she cannot directly read from the concerned file), shutting the admin out. With this, he/she would have complete, unhindered access to the site. 

But for now, users need to not worry. The researchers also presented hotfix, which manually rectifies the problem. However, it is time that WordPress actually looks into this issue, and ensures that the upcoming versions are not affected by this flaw.



COMMENTS

Name

Bing,1,Blogger,31,Blogging Tips,89,Book Marketing,1,CMS,2,Computer,4,CSS,1,Google,13,Google AdSense,5,HTML,7,Info graphic,1903,Joomla,1,Making Money,4,Marketing,1977,Mobile phone reviews,2,PHP,7,Search Engines,24,SEO,1999,Social Network,1780,Tips,2044,WordPress,28,
ltr
item
just free learn : WordPress Vulnerable to Malicious Attacks!
WordPress Vulnerable to Malicious Attacks!
https://1.bp.blogspot.com/-lZVK558p7kw/WzSxmsjdt3I/AAAAAAAACsU/kXLgk7lHTT0wp8ypdeom5K3AOgLAkRKCgCLcBGAs/s1600/programming-1857236_960_720.jpg
https://1.bp.blogspot.com/-lZVK558p7kw/WzSxmsjdt3I/AAAAAAAACsU/kXLgk7lHTT0wp8ypdeom5K3AOgLAkRKCgCLcBGAs/s72-c/programming-1857236_960_720.jpg
just free learn
https://www.justfreelearn.com/2018/07/wordpress-vulnerable-to-malicious.html
https://www.justfreelearn.com/
https://www.justfreelearn.com/
https://www.justfreelearn.com/2018/07/wordpress-vulnerable-to-malicious.html
true
7308921509470623502
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy