• Disclaimer
  • Copyright
  • About Us
  • Privacy Policy for Netfest
  • Contact
  • Advertise
Tech News, Magazine & Review WordPress Theme 2017
  • Home
  • News
  • Review
  • Gaming
  • Gear
  • Computers
  • Applications
  • Security
No Result
View All Result
  • Home
  • News
  • Review
  • Gaming
  • Gear
  • Computers
  • Applications
  • Security
No Result
View All Result
NetFest
No Result
View All Result

This faulty WordPress plugin could allow hackers to wipe your website

Nimesh Dama by Nimesh Dama
31 May, 2020
Home News
Share on FacebookShare on Twitter

Plugin flaws placed more than 200,000 websites at risk of attack

ezgif.com webp to jpg 1
(Image credit: Shutterstock / ProStockStudio)

Researchers have found two significant bugs in the WordPress PageLayer Plugin that could allow hackers to hijack websites using their design features.

The compromised plugin is used to build personalized web pages using a basic drag and drop process – an asset for those lacking programming experience – which can be installed on over 200,000 websites.

The two vulnerabilities can also be managed by cyber criminals, discovered by Wordfence, to insert manipulated code, mess with current web site material and also to delete the entire content.

WordPress bugs update

According to discovery researchers, two vulnerabilities arise from unprotected AJAX actions, noncivilization and the lack of safeguard measures against cross-site request fraud (CSRF).

Hackers may use these surveillance tools to do malicious things, including creating admin accounts, having funny tourists visit unsafe domains and accessing a user’s computer through the webbrowser.

“There is a loophole that helps any authenticated subscriber-level user to download and change posts with malicious content, and several other items,” Wordfence explained.

“A second bug enabled attackers to make a request to modify the plugin settings that would require malicious JavaScript injection on behalf of a site ‘s administrator.”

The security company revealed the defects on 30 April and then PageLayer released a patch on 6 May, version 1.1.2. Although this patch has been issued for three weeks, only about 85,000 users have upgraded to the latest version and are still at risk for about 120,000.

PageLayer users are advised to update the plugin immediately to the latest version in order to protect against website takeover.

Tags: This faulty WordPress plugin could allow hackers to wipe your website
Nimesh Dama

Nimesh Dama

Founder and Editor-in-Chief of 'NetFest News,' Nimesh is a cybersecurity analyst, Gadgets review, Tech News, Information Security professional, developer, and a white hat hacker

Next Post
PUBG Mobile: How to register for the PUBG Mobile 0.19.0 beta update?

No grass PUBG Mobile 0.18.0 file download: All you need to know

Leave a Reply Cancel reply

Recommended

Malicious USB Drives Infect 35,000 Computer systems With Crypto-Mining Botnet

Malicious USB Drives Infect 35,000 Computer systems With Crypto-Mining Botnet

20 May, 2020
Edge ads appear in Windows 10’s search as Microsoft continues to push its browser

If you haven’t, Microsoft would only give you a reason to switch to edge from Google Chrome

20 May, 2020

Trending

This faulty WordPress plugin could allow hackers to wipe your website

This faulty WordPress plugin could allow hackers to wipe your website

31 May, 2020
[ No Ban ] Antenna, Aimbot, No Root 2020 PUBG Mobile VENOM Hack

[ No Ban ] Antenna, Aimbot, No Root 2020 PUBG Mobile VENOM Hack

30 June, 2020
MAD MIRAMAR MAD AHEAD OF 7 MAY LAUNCH PUBG TEASER VIDEO REVEALS PUBG MAD LAUNCH

WALTER BLACK ESP V3 Download SEASON 13 PUBG 0.18.0

1 June, 2020
PUBG Mobile: How to register for the PUBG Mobile 0.19.0 beta update?

PUBG Mobile: How to register for the PUBG Mobile 0.19.0 beta update?

23 May, 2020
NetFest

We bring you the best Premium Tech News,Review & Penetration Testing News, magazine, personal blog, etc. Check our landing page for details.

Categories

  • Apple
  • Applications
  • Camera
  • Computers
  • Gaming
  • Gear
  • Laptop
  • Microsoft
  • News
  • Review
  • Security
  • Smartphone

Recent News

For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

20 August, 2021
If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

11 July, 2021
  • Trending
  • Comments
  • Latest
For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

20 August, 2021
If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

11 July, 2021
  • Disclaimer
  • Copyright
  • About Us
  • Privacy Policy for Netfest
  • Contact
  • Advertise

© 2020 NetFest - Tech News,Review & Penetration Testing News. by NetFest.

No Result
View All Result
  • Home
  • News
  • Review
  • Apple
  • Applications
  • Computers
  • Gaming
  • Gear
    • Laptop
    • Camera
    • Smartphone
  • Microsoft
  • Smartphone

© 2020 NetFest - Tech News,Review & Penetration Testing News. by NetFest.

Go to mobile version