A new wave of WordPress flaws threatening users of the blogging software have been found in plugins, according to researchers.
Digital security experts are warning about the flaws, which could leave users vulnerable to cyber attacks.
Security specialist Yonathan Klijnsma uncovered an issue with a plugin called RevSlider, which hackers have exploited by embedding iframes that result in exploits being loaded.
Added to this flaw, security firm Nettitude UK found two issues with another plugin called NextGen. One attack results in code being uploaded, while another sees cross-site request forgery resulting in a user’s browser performing actions on trusted websites that the user did not request. For example, the flaw may see users changing a password or transferring funds without their knowledge.
Alert Logic’s head security evangelist, Stephen Coty, said:
“WordPress has always done a very poor job of scanning plugins that the community creates and uploads. These malicious actors will load backdoors that they can then use to compromise a user’s WordPress environment collecting visitor data to those sites.”
He went on to say that hackers are able to use WordPress maliciously thanks to flawed but valid plugins. There are a number of these software components, he pointed out, that can be downloaded from the WordPress site but that no longer receive support from their developers.
Businesses that have had their sites built with this popular and often useful platform need to be either careful when installing plugins, or have a very experienced WordPress user at their disposal. The most effective solution would be to open cyber security jobs to those who could spot such flaws immediately, whether on WordPress or any other website that the business may run.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?
Log inWant to have an account with us?
RegisterWant to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.