Vulnerability found in WordPress anti-spam plugin
A WordPress anti-spam plugin used by 60,000+ users had a PHP Object Injection vulnerability. The vulnerability lets base64-encoded user input through, which is not good for any website. The issue arises from improper sanitization of inputs in the plugin's form.
The plugin is an anti-spam plugin that allows websites to block spam from forms, comments, registration, and signups. It was well-equipped to recognize spam bots and block them by source IP address.
The plugin also has a feature that allows only specific kinds of input. Users can decide the input type, and the plugin will pass through only that type of content. Examples of such inputs are images, text, and email addresses.
Sanitization is the process of filtering input so that only the expected kind gets through. If a function is meant to accept only text as its input, sanitization removes everything except the text from the input.
The vulnerability found in the WordPress anti-spam plugin allowed encoded (base64-encoded) input. That input then causes what is called a PHP Object Injection vulnerability: the plugin passes the encoded input to PHP's unserialize() function. This could lead to infection and harm the users of the plugin.
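The pattern described above, shown next to a hardened form, as an added example that is not the plugin's own code. The `Probe` class, the function names and the sample values are all hypothetical and constructed for illustration.

```php
<?php
// Added illustration; the Probe class, function names and sample values are constructed.

// Stand-in for any class already loaded on the site that has a magic method.
class Probe {
    public static bool $woke = false;
    public function __wakeup() { self::$woke = true; }
}

// Risky pattern: decoded user input goes straight into unserialize(), which
// instantiates whatever class the input names and runs its magic methods.
function load_state_unsafe(string $encoded) {
    return unserialize(base64_decode($encoded));
}

// Hardened: strict base64, no object instantiation, then validate the shape.
function load_state_safe(string $encoded): ?array {
    $raw = base64_decode($encoded, true);   // strict mode rejects non-base64 bytes
    if ($raw === false) {
        return null;
    }
    // allowed_classes => false turns every object into __PHP_Incomplete_Class,
    // so no magic method of a real class is invoked.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return null;
    }
    foreach ($data as $key => $value) {
        if (!is_string($key) || !is_scalar($value)) {
            return null;                     // nested arrays/objects are not expected
        }
    }
    return $data;
}

// Constructed inputs: a plain form state and one that carries an object.
$plain  = base64_encode(serialize(['email' => 'user@example.com', 'attempts' => 2]));
$object = base64_encode(serialize(['email' => new Probe()]));

load_state_unsafe($object);
echo 'unsafe path ran __wakeup: ', var_export(Probe::$woke, true), PHP_EOL;

Probe::$woke = false;
echo 'safe path, plain input:  ', json_encode(load_state_safe($plain)), PHP_EOL;
echo 'safe path, object input: ', var_export(load_state_safe($object), true), PHP_EOL;
echo 'safe path ran __wakeup:  ', var_export(Probe::$woke, true), PHP_EOL;
```

Where the stored value is plain data, a data-only format such as JSON avoids `unserialize()` on user input altogether.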
The Open Web Application Security Project (OWASP) describes the impact of the vulnerability as ‘overstating.’ It also said that the flaw in the plugin could lead to remote code execution attacks. This kind of attack is the worst of its kind.
Although this flaw is very difficult to exploit, the risks are much higher for businesses that depend on the security of their data.
The vulnerability in the WordPress anti-spam plugin is now fixed in version 2022.6. The officials announced that they fixed the problem and enhanced security in the latest update. Users must immediately switch to the upgraded version to protect their data from hackers.