Serious WordPress plugin security flaw puts thousands of sites at risk of attack
Wordfence has discovered three vulnerabilities in the popular WordPress plugin Responsive Menu that could have exposed over 100,000 sites to takeover attacks.
Of these vulnerabilities, one is rated critical with a CVSS score of 9.9, another is rated high with a score of 8.8 and the third is rated medium with a score of 5.4.
The first flaw lets an authenticated attacker with low-level permissions upload arbitrary files and achieve remote code execution, while the other two let an attacker forge requests that modify the plugin’s settings and upload arbitrary files, which could also lead to remote code execution.
If an attacker managed to exploit these flaws on a WordPress site running a vulnerable version of the plugin, they could take over the site, with consequences including backdoors, spam injections, malicious redirects and other malicious activity, according to a new report from Wordfence’s Chloe Chamberland.
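To make the defect class concrete, the following is an added, illustrative example written for this page; it is not code from Responsive Menu or from Wordfence’s report. It shows a hypothetical plugin settings-import handler (the action name, option name and form field names are invented) first in the shape the article describes, reachable by any logged-in user and by forged requests, and then hardened with the three controls WordPress provides for exactly this: a capability check, a nonce check, and file-type validation through the core upload API.

```php
<?php
/**
 * Hypothetical settings-import handler for a WordPress plugin (NOT Responsive
 * Menu's code). Action names, option names and field names are assumptions made
 * for this example.
 */

// --- Vulnerable pattern: no capability check, no nonce check, no file-type check ---
// admin_post_{action} fires for any logged-in user, so a low-privilege account
// reaches this handler, and a forged cross-site POST is accepted as well.
add_action( 'admin_post_rm_import_settings_vuln', 'rm_import_settings_vuln' );
function rm_import_settings_vuln() {
    if ( ! empty( $_FILES['settings_file'] ) ) {
        // Caller-chosen file name and content are written under the web root.
        $dest = plugin_dir_path( __FILE__ ) . 'imports/' . basename( $_FILES['settings_file']['name'] );
        move_uploaded_file( $_FILES['settings_file']['tmp_name'], $dest );
    }
    if ( isset( $_POST['menu_css'] ) ) {
        // Settings are changed on any POST, whether the user intended it or not.
        update_option( 'rm_menu_css', $_POST['menu_css'] );
    }
    wp_safe_redirect( admin_url( 'admin.php?page=rm-settings' ) );
    exit;
}

// --- Hardened version of the same handler ---
add_action( 'admin_post_rm_import_settings', 'rm_import_settings' );
function rm_import_settings() {
    // 1. Authorization: only users who may manage options can change plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 2. Request forgery: the submitting form must carry a nonce created with
    //    wp_nonce_field( 'rm_import_settings' ); check_admin_referer() dies otherwise.
    check_admin_referer( 'rm_import_settings' );

    // 3. Validate the settings value before storing it.
    if ( isset( $_POST['menu_css'] ) ) {
        update_option( 'rm_menu_css', sanitize_text_field( wp_unslash( $_POST['menu_css'] ) ) );
    }

    // 4. File upload: accept only the single type the feature needs and let
    //    WordPress verify extension vs. content and place the file in the uploads
    //    directory, which is not a PHP-executable plugin path.
    if ( ! empty( $_FILES['settings_file'] ) ) {
        $allowed = array( 'json' => 'application/json' );
        $check   = wp_check_filetype_and_ext(
            $_FILES['settings_file']['tmp_name'],
            $_FILES['settings_file']['name'],
            $allowed
        );
        if ( empty( $check['ext'] ) || 'json' !== $check['ext'] ) {
            wp_die( 'Only .json settings files are accepted', '', array( 'response' => 400 ) );
        }
        $result = wp_handle_upload(
            $_FILES['settings_file'],
            array( 'test_form' => false, 'mimes' => $allowed )
        );
        if ( isset( $result['error'] ) ) {
            wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
        }
        // $result['file'] is now a validated .json file; parse it and apply settings here.
    }

    wp_safe_redirect( admin_url( 'admin.php?page=rm-settings' ) );
    exit;
}
```

The two checks at the top of the hardened handler map directly onto the article’s two issue types: `current_user_can()` closes the low-privilege upload path, and `check_admin_referer()` rejects forged requests. Restricting the upload to one non-executable type and routing it through `wp_handle_upload()` removes the remote code execution consequence even if a later logic bug lets an upload through.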
Vulnerable WordPress sites
After discovering these three vulnerabilities, Wordfence initially tried to reach out to Responsive Menu’s parent company ExpressTech but received no response. From there, the researchers tried to contact the creators of the plugin on their site but once again received no response. Finally, Wordfence got in touch with the WordPress Plugins team, who were able to put Wordfence in contact with Responsive Menu.
Wordfence and Responsive Menu worked to resolve the plugin’s issues and a patch was released in mid-January. As all three flaws are quite serious, users of the plugin should update to the latest patched version (4.04).
However, at the time of writing, 65 percent of users are still running vulnerable versions of Responsive Menu, according to data from its page on WordPress.org. In fact, just over 50,000 new downloads have been recorded, which means that another 50,000 sites are still vulnerable to site takeover attacks.
If your WordPress site is running the Responsive Menu plugin, you should download and install version 4.04 immediately to prevent falling victim to any potential attacks.
Via BleepingComputer