[ad_1]
Bugs deemed ‘very easy to exploit as they require no prerequisites’
Hide My WP, a popular WordPress security plugin, contained a serious SQL injection (SQLi) vulnerability and a security flaw that enabled unauthenticated attackers to deactivate the software.
Now patched, the bugs were discovered by Dave Jong, CTO of WordPress-focused bug hunting platform Patchstack, during an audit of plugins on a customer’s website.
The SQLi “is pretty severe”, Jong told The Daily Swig. “It allows anyone to extract information from the database, it has no…
More Info
