Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should


Another day, another critical set of flaws


A pair of widely used WordPress plugins need to be patched on more than 320,000 websites to close down vulnerabilities that can be exploited to gain admin control of the web publishing software.


The team at WebArx, a security firm specializing in WordPress and other CRM and publishing platforms, took credit for discovering and reporting the flaws in WP Time Capsule and InfiniteWP. Both plugins were patched earlier this month by the developer, and updates should be applied.


In each case, WebArx says, the authentication bypass flaws were down to "logical issues" that, when targeted, gave an attacker admin access over the site without the need for a password.


In the case of InfiniteWP, a management tool with an estimated 300,000 users, the attacker ..
