WordPress security plugin Hide My WP addresses SQL injection, deactivation flaws

Bugs deemed ‘very easy to exploit as they require no prerequisites’

Hide My WP, a popular WordPress security plugin, contained a serious SQL injection (SQLi) vulnerability and a security flaw that enabled unauthenticated attackers to deactivate the software.

Now patched, the bugs were discovered by Dave Jong, CTO of WordPress-focused bug hunting platform Patchstack, during an audit of plugins on a customer’s website.

The SQLi “is pretty severe”, Jong told The Daily Swig. “It allows anyone to extract information from the database, it has no…

More Info

About mblog.my

Check Also

Cyber Monday Sale: Use code to save 40% off a lifetime of WordPress hosting

You can’t have a website without first securing a host. But hosting fees are expensive, …

Leave a Reply

Your email address will not be published. Required fields are marked *