A critical security flaw has been discovered in a popular WordPress plugin. More than 4 million websites are affected, putting the personal data of many users at risk.
The name of WordPress perhaps doesn’t mean anything to you, and yet, he is behind almost half of the world’s websites. 43.6% exactly according to the latest statistics. This is a online content management platformallowing create then manage web pages. One of its great strengths is the possibility ofadd pluginsa bit like browser extensions. There are hundreds of thousands of them, making sure you find exactly the one you need.
The counterpart is that each represents a potential safety risksince hackers will seek to exploit the slightest flaw present in a plugin. The phenomenon is all the more serious when it affects one that is widely used. The one that was recently revealed concerns more than 4 million sites. It touches the extension Really Simple Securitywhich, as its name suggests, simply takes care of the security aspect of the site: SSL configuration, protection of identifiers, two-factor authentication, etc.
This flaw in a popular WordPress plugin puts millions of websites at risk
The Wordfence teams, who discovered the flaw, immediately announced the color: “It is one of the most serious vulnerabilities that we have reported in our 12-year history as a WordPress security provider“. It is present on the free, “Pro” and “Pro Multisite” versions of the plugin, from 9.0.0 to 9.1.1.1. By using it, a hacker can access any user account registered on the site, including that of its administrators.
Also read – WordPress and Tumblr sell your data to companies to train their AI
Unfortunately, exploitation can be done using automated scriptswhich leaves the door open to massive and simultaneous hacking operations. A fix has been deployed to all versions and should have installed automatically. Site administrators must still check that they have version 9.1.2 of Really Simple Security and update manually if necessary.
