Critical vulnerability in popular WordPress plugin exposes millions of sites to hacking

News Highlights

April 14, 2022


A critical vulnerability in a highly popular WordPress plugin has exposed millions of websites to hacking.

Discovered by researchers at Plugin Vulnerabilities and detailed April 12, the vulnerability was found in Elementor, a WordPress plugin that allows users to build websites and has more than 5 million active installations. The vulnerability was found in version 3.6.0 of the plugin, introduced on March 22, and about a third of the sites using Elementor were running the vulnerable version when the vulnerability was found.

The vulnerability is caused by an absence of a critical access check in one of the plugin’s files, which is loaded on every request, even if users are not logged in. Because the check does not occur, access to the file and hence the plugin is open to all and sundry, including bad actors.

SiliconAngle tapped K2’s CEO and Co-Founder, Pravin Madhani, for commentary.
