C-Suite On Deck
WordPress Sites Hit With a Zero-Day
WordPress sites using the Total Donations plugin were hit with a zero-day attack due to multiple design flaws in the plugin's code. The Wordfence Threat Intelligence team found several critical vulnerabilities in the plugin on January 16th. All known versions up to 2.0.5 were affected. Cybercriminals exploited the plugin to gain administrative access to the affected sites. Identified as CVE-2019-6703, the vulnerability allows malicious actors to “update arbitrary WordPress option values”, thus taking over the site. Attackers can also create new user accounts and set new accounts to administrator.

Security analyst Nate Smith at WordPress found the zero-day when he noticed several suspicious AJAX actions happening on the access log page. 88 unique AJAX actions were identified in the plugin, all of which were accessible by unauthorized users. Of the 88 actions, 49 could be exploited by attackers, allowing them to access private data, make changes to the site, and take over the site.
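The access-log review described above can be scripted. The following is an added example, not code from the article, Wordfence, or the plugin: it groups `admin-ajax.php` requests by client and reports every AJAX action outside an allowlist. The allowlist, the action names, and the log lines are constructed placeholders, and the Combined Log Format is an assumption about the server.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Assumption: actions this site expects from visitors (hypothetical names).
EXPECTED_ACTIONS = {"heartbeat", "example_contact_form"}

def unexpected_ajax_actions(lines, expected=EXPECTED_ACTIONS):
    """Return {client_ip: {action: hits}} for admin-ajax.php calls outside the allowlist."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # Access logs record only the query string. An action sent in a POST
        # body is invisible here, so those requests are surfaced under a
        # marker instead of being silently dropped.
        actions = parse_qs(url.query).get("action", ["(not in URL)"])
        for action in actions:
            if action not in expected:
                findings[m["ip"]][action] += 1
    return {ip: dict(acts) for ip, acts in findings.items()}

# Constructed sample lines: documentation IP ranges, placeholder action names.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Jan/2019:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [16/Jan/2019:10:03:11 +0000] "GET /wp-admin/admin-ajax.php?action=placeholder_action_a HTTP/1.1" 200 31 "-" "curl/7.61.0"',
    '203.0.113.9 - - [16/Jan/2019:10:03:12 +0000] "GET /wp-admin/admin-ajax.php?action=placeholder_action_a HTTP/1.1" 200 31 "-" "curl/7.61.0"',
    '203.0.113.9 - - [16/Jan/2019:10:03:15 +0000] "POST /wp-admin/admin-ajax.php?action=placeholder_action_b HTTP/1.1" 200 12 "-" "curl/7.61.0"',
    '198.51.100.7 - - [16/Jan/2019:10:04:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [16/Jan/2019:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, actions in unexpected_ajax_actions(SAMPLE_LOG).items():
        print(ip, actions)
```

Requests reported as `(not in URL)` need request-body logging at the application or WAF layer before their action can be judged.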