Prevent Hackers from Misusing WordPress Plugins

Vulnerable WordPress plugins can expose your confidential data to threat actors. Advanced defenses can reduce the number of security gaps, but you also need a backup plan in case attackers get through. In this article at Built In, David Balaban describes the emerging threats to the standard WordPress plugins.

Step Up Your Defense

The core WordPress features are secure as long as your company applies vulnerability patches regularly. Trusted researchers track emerging threats closely and have defenses ready to maintain cyber hygiene. However, third-party plugins can still give cyber attackers a way into the system. These common gaps, uncovered recently, need a lasting fix:

File Manager

A flaw in the plugin, identified as a ‘zero-day remote code execution’ flaw, enables attackers to get into administrative accounts and inject malicious code. It also lets them run unauthorized scripts on WordPress sites using File Manager versions 6.0 to 6.8. The chance of an attack is high if you have not updated the plugin to the latest version. So far, over 2.6 million incidents of outdated File Manager versions have been documented. Cybersecurity analysts have detected File Manager plugin hacking attempts across 370,000 IP addresses.

Page Builder

The plugin, the brainchild of SiteOrigin, has more than a million installations and is vulnerable to a range of cross-site request forgery (CSRF) exposures. The ‘Live Editor’ and ‘builder_content’ enable attackers to enter the system as a new administrator, which gives them the access to take over the WordPress website. The issue persists until you apply a patch to fix the vulnerabilities.

GDPR Cookie Consent

The plugin has almost 800,000 active users who use it for compliance with the European Union’s General Data Protection Regulation (GDPR). Cookie Consent version 1.8.2 is susceptible to malicious activity and open to cross-site scripting (XSS) attacks. Once they enter the system, cybercriminals can modify, edit, or erase the WordPress website’s content. However, you can counter the attack by patching with the WebToffee version released at the beginning of 2020.


It is a prominent plugin with almost 20 million downloads a year. It replicates a website and helps you maintain a data stockpile. However, Wordfence security analysts detected a flaw in 2020. The plugin allowed threat actors to download arbitrary files from a WordPress website and run copied version 1.3.26. Security professionals fixed it as soon as they learned about it. Still, there is an evident gap in the system that is easy to breach again.
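
An added example, not code from the original article or from any plugin's authors: a Python audit that reads each plugin's header comment under a plugins directory and flags the affected versions this article names for File Manager (6.0 to 6.8) and GDPR Cookie Consent (1.8.2). Matching on the "Plugin Name:" header text, the function names and the sample plugin tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Affected versions as stated in the article (inclusive). Matching on the
# "Plugin Name:" header text is an assumption of this example.
AFFECTED = {"file manager": ("6.0", "6.8"), "gdpr cookie consent": ("1.8.2", "1.8.2")}
# WordPress reads these fields from a comment in the first 8 KB of the main file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def parse_version(text, width=4):
    """'6.8' -> (6, 8, 0, 0), so '6.8' and '6.8.0' compare as equal."""
    parts = tuple(int(p) for p in re.findall(r"\d+", text))
    return parts + (0,) * (width - len(parts))

def read_header(php_file):
    """Return (plugin name, version) from the header comment, or None for missing fields."""
    head = php_file.read_text(errors="replace")[:8192]
    fields = {key.lower(): value for key, value in HEADER.findall(head)}
    return fields.get("plugin name"), fields.get("version")

def audit(plugins_dir):
    """Return (directory, name, version) for each plugin inside an affected range."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        name, version = read_header(php_file)
        if not name or not version:
            continue  # not a plugin main file
        for needle, (low, high) in AFFECTED.items():
            in_range = parse_version(low) <= parse_version(version) <= parse_version(high)
            if needle in name.lower() and in_range:
                findings.append((php_file.parent.name, name, version))
    return findings

def build_sample(root):
    """Write a constructed plugin tree (sample data, not real plugin files)."""
    samples = {"fm-old": ("File Manager", "6.8"), "fm-new": ("File Manager", "6.9"),
               "cookie": ("GDPR Cookie Consent", "1.8.2"), "other": ("Hello Sample", "1.0")}
    for folder, (name, version) in samples.items():
        plugin_dir = Path(root) / folder
        plugin_dir.mkdir(parents=True)
        (plugin_dir / f"{folder}.php").write_text(
            f"<?php\n/*\n * Plugin Name: {name}\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit(build_sample(tmp)):
            print("affected:", finding)
```

To audit a real site, call `audit()` on its `wp-content/plugins` directory instead of the sample tree.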

Click on the following link to read the original article: https://builtin.com/cybersecurity/CMS-wordpress-plugins-hacks

The post Prevent Hackers from Misusing WordPress Plugins appeared first on AITS CAI’s Accelerating IT Success.
