New WordPress plugin vulnerabilities are putting millions of websites at risk. Various security experts warned that these flaws could lead to massive user data leaks, allowing hackers and other cybercriminals to acquire essential data from consumers across the globe.
"These flaws made it possible for an attacker to export sensitive information and send arbitrary emails from a vulnerable site that could be used to phish unsuspecting users," explained cybersecurity experts at Wordfence, a security firm that develops solutions for WordPress installation protection.
Based on their findings, WordPress is currently suffering from two vulnerabilities in the popular Ninja Forms plugin. They explained that Ninja Forms currently has more than one million websites under its installation base.
They added that these new security flaws appeared because the WordPress plugin usually relies on an unsafe implementation of the user permission checker mechanism, as explained by involved security researchers via BestGamingPro's latest report.
Millions of WordPress at Risk!
According to Tech Radar's latest report, the issue with WordPress plugins is on user permission activity. As of the moment, the popular platform relies on an insecure system that only checks if the consumer is logged in or not.
Security experts explained that it could not check the correct permissions, which are usually triggered by the user's digital activity on a website.
One of the major vulnerabilities it creates is allowing access to the account to export all the sensitive user data on a website. This simply means that if you left your account open on a certain device, people who have access to that gadget could easily release your data without being asked for the account owner's permission.
As of the moment, WordPress is just one of the victims of the rising hacking industry. In other news, Fortinet VPN was also hit by a massive password leak. On the other hand, T-Mobile was hacked by a cybercriminal who could steal user data in just a week.
WordPress Consumers Now Urged To Update!
Wordfence's cybersecurity experts are now urging WordPress consumers to update their accounts.
However, you need to know some important details before installing the platform's latest security features. WordPress explained that once you upgrade your account or website, all your files will be affected.
These include videos, photos, documents, and other folders. To know more about the WordPress update, all you need to do is click this link.
For more news updates about WordPress and other platforms affected by major security flaws, always keep your tabs open here at TechTimes.
This article is owned by TechTimes
Written by: Griffin Davis