Advertising Plugin for WordPress Threatens Full Site Takeovers – Threatpost

Thousands of vulnerable websites need to apply the patch to avoid RCE.

The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers.

The plugin’s author, Tunafish, has rolled out a patched version (v.1.5.6), which site owners should update to as soon as possible. No CVE was issued.

The bug could allow complete site takeover, earning it a 10 out of 10 on the CVSS bug-severity scale. Also, it has already been the subject of in-the-wild…


More Info

About mblog.my

Check Also

Simple steps to stay safe

If your website gets hacked, it’s a big black mark on the reputation of your …

Leave a Reply

Your email address will not be published. Required fields are marked *