Security experts have discovered a major security vulnerability in a popular WordPress plugin, allowing malicious users to hack or gain access restricted areas of websites.
Absolute Privacy, a plug-in used on more than 35,000 websites using the WordPress content management system, allows users to set up a password protected area of their website.
However, security experts have warned that in version 2.05, a malicious user can gain access to the website (including administrator access) by entering any current user name with any text as a password.
Any websites using the Absolute Privacy plugin are urged to either immediately update to the most recent version (2.0.6), or disable the plugin.
ABOUT THE AUTHOR
Andrew Sadauskas is a former journalist at SmartCompany and a former editor of TechCompany.
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.