New WordPress plugin vulnerabilities are putting millions of websites at risk. Various security experts warned that these flaws could lead to massive user data leaks, allowing hackers and other cybercriminals to acquire essential data from consumers across the globe. 

New WordPress Plugin Vulnerabilities Put Millions of Websites At Risk! Users Now Urged To Update Their Accounts
(Photo : Photo by Joe Raedle/Getty Images)
Lt. Mike Baute from Florida's Child Predator CyberCrime Unit talks with people on instant messenger during the unveiling of a new CyberCrimes office March 7, 2008 in Fort Lauderdale, Florida. One of the people on the other side of the chat told Lt. Baute, who is saying he is a 14-year-old girl, that he is a 31-year-old male and sent him a photograph of himself. According to current statistics, more than 77 million children regularly use the Internet.

"These flaws made it possible for an attacker to export sensitive information and send arbitrary emails from a vulnerable site that could be used to phish unsuspecting users," explained cybersecurity experts at Wordfence, a security firm that develops solutions for WordPress installation protection. 

Based on their findings, WordPress is currently suffering from two vulnerabilities in the popular Ninja Forms plugin. They explained that Ninja Forms currently has more than one million websites under its installation base. 

They added that these new security flaws appeared because the WordPress plugin usually relies on an unsafe implementation of the user permission checker mechanism, as explained by involved security researchers via BestGamingPro's latest report. 

Millions of WordPress at Risk!

According to Tech Radar's latest report, the issue with WordPress plugins is on user permission activity. As of the moment, the popular platform relies on an insecure system that only checks if the consumer is logged in or not. 

New WordPress Plugin Vulnerabilities Put Millions of Websites At Risk! Users Now Urged To Update Their Accounts

(Photo : Photo credit should read ISSOUF SANOGO/AFP via Getty Images)
A woman uses a laptop on April 3, 2019, in Abidjan. - According to the figures of the platform of the fight against cybercrime (PLCC) of the national police, nearly one hundred crooks of the internet, were arrested in 2018 in Ivory Coast, a country known for its scammers on the web, has announced on April 2, 2019 the Ivorian authority of regulation of the telephony.

Also Read: ExpressVPN CIO Faces $1.6 Million Fine for Spying, Hacking

Security experts explained that it could not check the correct permissions, which are usually triggered by the user's digital activity on a website. 

One of the major vulnerabilities it creates is allowing access to the account to export all the sensitive user data on a website. This simply means that if you left your account open on a certain device, people who have access to that gadget could easily release your data without being asked for the account owner's permission. 

As of the moment, WordPress is just one of the victims of the rising hacking industry. In other news, Fortinet VPN was also hit by a massive password leak. On the other hand, T-Mobile was hacked by a cybercriminal who could steal user data in just a week.  

WordPress Consumers Now Urged To Update! 

Wordfence's cybersecurity experts are now urging WordPress consumers to update their accounts. 

However, you need to know some important details before installing the platform's latest security features. WordPress explained that once you upgrade your account or website, all your files will be affected. 

These include videos, photos, documents, and other folders. To know more about the WordPress update, all you need to do is click this link

For more news updates about WordPress and other platforms affected by major security flaws, always keep your tabs open here at TechTimes.  

Related Article: Father-Son Hacker Duo are On Quest to Help People Get Back Their Missing Crypto After Forgotten Wallet Passwords

This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.