Advertising Plugin for WordPress Threatens Full Site Takeovers – Threatpost

Thousands of vulnerable websites need to apply the patch to avoid RCE.

The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers.

The plugin’s author, Tunafish, has rolled out a patched version (v.1.5.6), which site owners should update to as soon as possible. No CVE was issued.

The bug could allow complete site takeover, earning it a 10 out of 10 on the CVSS bug-severity scale. Also, it has already been the subject of in-the-wild…


More Info

About mblog.my

Check Also

A Non-Technical Release Lead’s Journey to Becoming a Mentor for WordPress Core Development – WordPress Tavern

In the summer of 2019, I was asked to help out with a WordPress release. …

Leave a Reply

Your email address will not be published. Required fields are marked *