WordPress security researchers recently reported a flaw in the OptinMonster WordPress plugin. The flaw allows attackers to upload malicious scripts that run against a site's visitors, and it can lead to a full site takeover. Any failure to perform a basic security check can expose a site to hacking. More than a million sites are affected.
This vulnerability owes nothing to attacker ingenuity. According to the security researchers at Wordfence, it stems from a flawed implementation of the WordPress REST API in OptinMonster, which results in insufficient capability checking. When coded properly, the REST API is a highly secure way to extend the functionality of the CMS.
It lets plugins and themes interact with the website database without compromising security, but only if the code is written correctly.
The WordPress REST API itself is supposed to be secure enough. However, every website running OptinMonster has been exposed to a security compromise.
REST API endpoints are URLs that represent the pages and posts on a WordPress site, which a theme or plugin can modify. According to Wordfence, every one of the REST API endpoints in OptinMonster was coded improperly, compromising security.
Wordfence was blunt about OptinMonster's REST API integration: the improper implementation makes it easy for unauthenticated attackers to reach many of the endpoints on sites running a vulnerable version.
Attackers with no registered account on the website can carry out the attack. Some vulnerabilities require a registered attacker, which makes a site somewhat harder to attack; this vulnerability has no such barrier. No authentication was necessary to exploit OptinMonster.
Wordfence also warned of the danger this OptinMonster flaw poses and notified publishers to upgrade to an updated version. The most secure version of OptinMonster is 2.6.5, and Wordfence recommended that all its users update promptly. WordPress has also published documentation on REST API best practices.
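To make the "insufficient capability checking" concrete, here is an added example (not OptinMonster's code, and not from the original article) showing the weak and the corrected way to register a WordPress REST route with `register_rest_route()`. The namespace `example-optin/v1`, the route paths and the callback name are hypothetical; `permission_callback`, `current_user_can()`, `WP_Error` and `WP_REST_Server::EDITABLE` are real WordPress APIs.

```php
<?php
// Hypothetical plugin snippet: two REST routes that store campaign markup.
// Only the second one performs the capability check that the REST API
// best-practices documentation expects.

function example_optin_update_campaign( WP_REST_Request $request ) {
    // Hypothetical handler: persist the submitted markup for a campaign id.
    $id   = (int) $request['id'];
    $html = (string) $request->get_param( 'html' );
    update_option( "example_optin_campaign_{$id}", $html );
    return rest_ensure_response( array( 'updated' => $id ) );
}

add_action( 'rest_api_init', function () {
    // WEAK: '__return_true' tells WordPress that anyone may call this route,
    // so an unauthenticated visitor can overwrite markup that is later rendered
    // to every site visitor. This is the pattern to look for in audits.
    register_rest_route( 'example-optin/v1', '/insecure-campaign/(?P<id>\d+)', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'example_optin_update_campaign',
        'permission_callback' => '__return_true',
    ) );

    // CORRECTED: the caller must be authenticated (for cookie auth WordPress
    // also requires a valid X-WP-Nonce, otherwise the user is treated as
    // logged out) and must hold a capability that matches the action.
    register_rest_route( 'example-optin/v1', '/campaign/(?P<id>\d+)', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'example_optin_update_campaign',
        'permission_callback' => function ( WP_REST_Request $request ) {
            // Storing arbitrary HTML is an administrator-level action here.
            if ( ! current_user_can( 'manage_options' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    'You are not allowed to edit campaigns.',
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
        'args' => array(
            'id' => array(
                'validate_callback' => function ( $value ) { return is_numeric( $value ); },
            ),
        ),
    ) );
} );
```

`rest_authorization_required_code()` returns 401 for anonymous callers and 403 for logged-in users lacking the capability, so the response distinguishes "log in" from "not permitted" without leaking anything else.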