August 4, 2022
Critical WordPress Plugin Vulnerability Allows Hackers to Take Over Sites

Security Flaws in WordPress Plugins Give Hackers the Ability to Take Over Sites

Popular WordPress plugins contain serious security flaws that can let hackers get into sites and take them over as rogue administrators…

Some WordPress plugins with tens of thousands of active installs are vulnerable to attacks by bad actors, which can result in them accessing the back end and taking over sites with administrator-level permissions.

Researchers at NinTechNet have discovered huge security bugs in the Flexible Checkout Fields for WooCommerce plugin. Said flaws are enough to give hackers the option to take over sites.

The plugin in question has at least 20,000 active installations. Luckily, the development team behind the plugin has already released a secure version (build 2.3.2) after learning of the flaws.

While examining the threat, security firm Defiant stumbled onto three additional zero-day vulnerabilities present in other WordPress plugins:

  • a subscriber+ stored XSS in Async JavaScript (with 100,000+ installs)
  • an unauthenticated+ stored XSS in 10Web Map Builder for Google Maps (with 20,000+ installs)
  • and multiple subscriber+ stored XSS in Modern Events Calendar Lite (with 40,000+ installs)

Such flaws are unfortunately common, as hackers continually look to exploit any susceptibility. This means WordPress developers must remain vigilant in order to build more secure products.

Owen E. Richason IV

Covers social media, apps, search, and similar news. History buff, movie, and theme park lover. Blessed dad and husband.     
