WordPress is one of the most popular platforms for creating, designing, and maintaining a website or blog. Site owners use a variety of plugins to offer the best services to their users, and many WordPress websites present incredible visuals thanks to those plugins. However, the platform is not exempt from vulnerabilities, as SEOPress showed. Let’s dive into what the problem was.
Details about SEOPress Plugin Vulnerability
WordFence, a security software company for WordPress, was the one in charge of studying and publishing the details of the vulnerability in the SEO plugin known as SEOPress. According to them: “This flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site which would execute anytime a user accessed the ‘All Posts’ page.” The flaw was communicated first to the SEOPress publishers so they could start fixing it as quickly as possible.
This vulnerability affects versions 5.0.0 – 5.0.3 of the plugin. One of the interesting parts of this situation was that the official SEOPress changelog didn’t describe the vulnerability or make a statement about it. They were very vague on this; WordFence was the only one to talk openly about the issue. The vulnerability is dangerous because any user with credentials, starting with a simple subscriber, can change the title and description of any post, and this can lead to major issues such as: “…a variety of malicious actions like new administrative account creation, webshell injection, arbitrary redirects, and more.”
Issues like this can appear in any plugin, which makes them a very dangerous situation for every website on a platform like WordPress, which relies heavily on plugins for SEO and other features. Being aware of these problems is a must! At Eagle Tech Corp, we have a professional team ready to secure all systems and data for any organization. Give us a call!