
Millions of websites vulnerable to hackers due to critical vulnerability in WordPress plugin

May 5, 2023, Hi-network.com

Advanced Custom Fields and Advanced Custom Fields Pro, the most popular custom fields plugins for WordPress, have been found to contain a security vulnerability tracked as CVE-2023-30777. It affects versions 6.1.5 and below of both the free and Pro plugins.

By tricking a privileged user into visiting a crafted URL path, an unauthenticated user can exploit this vulnerability to steal sensitive information and, in this case, escalate privileges on the WordPress site. It's worth noting that CVE-2023-30777 can only be triggered by logged-in users with access to the plugin, but it can be triggered in a default installation or configuration of Advanced Custom Fields.

The issue was discovered and reported to the maintainers on 2 May 2023. Advanced Custom Fields plugin users are urged to update to version 6.1.6.
