December 4, 2023

Researchers Discover Critical Vulnerability In InfiniteWP Client And WP Time Capsule Plugins

4 years ago Xia J

Anybody can log in to WordPress as an administrator if the site is using vulnerable InfiniteWP Client and WP Time Capsule plugins, warned researchers from WebARX.

 

In a blog post, the researchers revealed its hard to block the vulnerability with general firewall rules “because the payload is encoded and a malicious payload would not look much different compared to a legitimate-looking payload of both plugins.”

 

Additionally, “because of the nature of the vulnerability, cloud-based firewalls might not be able to make a difference between malicious or legitimate traffic and therefore may fail to provide effective protection against this vulnerability.”

 

The developer of the plugins released patches for logical issues in the code that caused the vulnerability after being informed of the problem by WebARX.

Xia J

See author's posts

More Stories

Cash App Warns 8.2 Million Customers of Insider Breach

2 years ago L7 News

The Third-Party Okta Hack Is Bad

2 years ago L7 News

Apple Park partially evacuated after envelope with white powder substance was discovered

2 years ago newsr00t

You may have missed

Cash App Warns 8.2 Million Customers of Insider Breach

2 years ago L7 News

The Third-Party Okta Hack Is Bad

2 years ago L7 News

Apple Park partially evacuated after envelope with white powder substance was discovered

2 years ago newsr00t

FBI: Ransomware Gang Breached 52 U.S. Critical Infrastructure Orgs

2 years ago newsr00t

Microsoft Warns About New App-Based Attack Angle

3 years ago L7 News