security

This WordPress plugin with 5 million users could have a serious … – TechRadar


Cybersecurity researchers from Patchstack recently discovered a high-severity flaw in a popular extension for WordPress, which allows threat actors to exfiltrate sensitive information from vulnerable websites.

The vulnerability is tracked as CVE-2023-40004, and is described as allowing unauthenticated users to access and tweak token configurations. The flaw was found in an extension called All-in-One WP Migration, which has five million active installations. 



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.