A new WordPress anti-malware firewall vulnerability can lead to serious hacking levels. Cybersecurity researchers even claimed that this new plugin flaw could allow online attackers to conduct an administrator-level malicious campaign.
(Photo : Photo by Adam Berry/Getty Images)
A visitor tries out an HP Spectre XT laptop computer featuring an Intel Ultrabook processor at the Internationale Funkausstellung (IFA) 2012 consumer electronics trade fair on August 31, 2012 in Berlin, Germany. IFA 2012 is open to the public from today until September 5.
The new vulnerability is pretty serious since it was found in the popular anti-malware firewall plugin called Anti-Malware Security and Brute-Force Firewall.
More than 200,000 websites use this security plugin. It is specifically designed to defend other websites, acting as a firewall and a security scanner.
On the other hand, its premium version prevents brute force attacks that can breach passwords and usernames and conduct DDoS campaigns.
New WordPress Anti-Malware Firewall Vulnerability
According to Search Engine Journal’s latest report, it seems like the firewall plugin accidentally patched a cross-site scripting flaw.
(Photo : Photo by ISSOUF SANOGO/AFP via Getty Images)
According to the figures of the platform of the fight against cybercrime (PLCC) of the national police, nearly one hundred crooks of the internet, were arrested in 2018 in Ivory Coast, a country known for its scammers on the web, has announced on April 2, 2019 the Ivorian authority of regulation of the telephony. (Photo by ISSOUF SANOGO / AFP)
Also Read: Outdated WordPress Plug-ins, Themes Distribute Backdoors For Potential Supply Chain Attack, Jetpack Says
Security experts are now concerned because this new vulnerability can allow reflected XSS attacks. Malicious actors can take advantage of this new flaw by uploading a script.
The implemented script can be activated when a website administrator visits the compromised URL. After that, online attackers will have admin-level permissions, allowing them to access sensitive user data.
Although the United States Government National Vulnerability hasn’t considered this flaw a severe-level vulnerability, it can still lead to serious malicious campaigns.
Preventing WordPress Anti-Malware Firewall Flaw
Cybersecurity researchers said that the best thing that users can do is to have a backup of their WordPress data. They need to do this before updating any WordPress theme or plugin.
After that, they can now install the new Anti-Malware Security and Brute-Force Firewall WordPress Version 4.20.96 to fix the issue.
Aside from the new firewall security flaw, Bleeping Computer recently reported that another WordPress plugin vulnerability put around 500,000 websites at risk of hacking.
If you want to know more about the flaw in the WordPress Elementor Website Builder plugin, you can visit this link.
In 2021, millions of WordPress sites were affected by some plugin flaws.
Meanwhile, WordPress and other browsers said that they are against Google’s ad-targeting tech.
For more news updates about WordPress and other websites, always keep your tabs open here at TechTimes.
Related Article: New WordPress Plugin Leaks Millions of Personal Information; Immediate Update is Suggested
This article is owned by TechTimes
Written by: Griffin Davis
ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.