Second major Wordpress vulnerability uncovered this month

Wordpress is huge - it's used to power a significant portion of the websites on the internet - so when a vulnerability is discovered it's rightly big news. Earlier this month it was discovered that a botnet was being built using Wordpress installations that had been brute-force hacked and sysadmins and bloggers the world over rushed to update their login details with the hope that they'd protect themselves from being compromised.

Now, two popular Wordpress plugins have tripped up and this time the hack is far more worrying - instead of a chance that a site could be forced open, this hack did most of the hard work and would allow the attacker the ability to run any PHP code they want on the vulnerable site server. The plugins in question are WP Super Cache and W3TC - two caching solutions that are intended to make Wordpress-powered sites faster.

Both plugins have since been updated to remove this vulnerability so if you run a Wordpress blog using one of them make sure you update as soon as you can.

More info can be found here.

We need your help

Running a website like The Digital Fix - especially one with over 20 years of content and an active community - costs lots of money and we need your help. As advertising income for independent sites continues to contract we are looking at other ways of supporting the site hosting and paying for content.

You can help us by using the links on The Digital Fix to buy your films, games and music and we ask that you try to avoid blocking our ads if you can. You can also help directly for just a few pennies per day via our Patreon - and you can even pay to have ads removed from the site entirely.

Click here to find out more about our Patreon and how you can help us.

Did you enjoy the article above? If so please help us by sharing it to your social networks with the buttons below...

Tags wordpress
Category Tech Content

Latest Articles