The recent advisory from Patchstack comes a few months after security experts strongly urged users of a popular WordPress plugin to immediately update their installations.

To this end, system administrators should implement additional security practices such as access control and nonce checks, and use functions like check_password_reset_key, which verifies the validity and expiration of a password reset key, ensuring secure password reset processes.

“Since we’ve detected that third parties have had access to the vulnerability information via monitoring the changelog and have made the issue public, we’ve decided to disclose the vulnerability early,” reads the advisory. At the same time, Patchstack clarified that, while the patch addresses the specific vulnerability that was identified, the software can have multiple vulnerabilities and new vulnerabilities may arise in the future.

The company clarified that the flaw was addressed in version 5.7.2, released on May 11, just days after Patchstack contacted the plugin vendor on May 8.

“This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user,” Patchstack wrote.

Patchstack further explained that by exploiting this vulnerability, attackers could reset the password of any user simply by knowing their username, thereby gaining unauthorized access to user accounts, including those with administrative privileges.
“This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site,” reads the technical write-up.

A newly discovered vulnerability in the Essential Addons for Elementor plugin has put over one million WordPress websites at risk of attacks aimed at gaining unauthorized access to user accounts with elevated privileges.

Cybersecurity experts at Patchstack described the new vulnerability (CVE-2023-32243) in an advisory published on Thursday.
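The missing check Patchstack describes, and the nonce and check_password_reset_key practices recommended above, can be seen in a reset handler that refuses to change a password until the emailed key has been validated. This is an added example, not code from the plugin or from Patchstack; the AJAX action, nonce action and POST field names are hypothetical.

```php
<?php
// Added illustration of a password reset handler for a WordPress plugin.
// Hypothetical names: the 'example_reset_password' action and nonce,
// and the 'rp_login', 'rp_key' and 'password' POST fields.
add_action( 'wp_ajax_nopriv_example_reset_password', 'example_handle_password_reset' );

function example_handle_password_reset() {
	// Nonce check: ties the request to a form this site rendered.
	// For logged-out visitors a nonce is not proof of identity,
	// so it never replaces the reset key check below.
	if ( ! check_ajax_referer( 'example_reset_password', 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid request.' ), 403 );
	}

	$login    = isset( $_POST['rp_login'] ) ? sanitize_user( wp_unslash( $_POST['rp_login'] ) ) : '';
	$key      = isset( $_POST['rp_key'] ) ? sanitize_text_field( wp_unslash( $_POST['rp_key'] ) ) : '';
	$password = isset( $_POST['password'] ) ? (string) wp_unslash( $_POST['password'] ) : '';

	if ( '' === $login || '' === $key || '' === $password ) {
		wp_send_json_error( array( 'message' => 'Invalid request.' ), 400 );
	}

	// The step the advisory says was missing: validate the reset key
	// for this login before touching the account. Core returns a WP_User
	// on success and a WP_Error for an invalid or expired key.
	$user = check_password_reset_key( $key, $login );
	if ( is_wp_error( $user ) ) {
		// Same generic message for unknown user, bad key and expired key,
		// so the response does not reveal which usernames exist.
		wp_send_json_error( array( 'message' => 'Invalid or expired reset link.' ), 400 );
	}

	// Only the user object returned by the key check is ever modified;
	// the account is never looked up from the submitted username alone.
	// reset_password() goes through wp_set_password(), which also clears
	// the stored key so the same link cannot be reused.
	reset_password( $user, $password );

	wp_send_json_success( array( 'message' => 'Password updated.' ) );
}
```

When auditing a plugin, the pattern to look for is any unauthenticated handler that reaches reset_password() or wp_set_password() without first passing through check_password_reset_key().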