This week has been packed with breaches and vulnerabilities, so here is a quick note on the latest one disclosed today.

News is breaking that attackers are actively exploiting a vulnerability in the WordPress plugin Simple Social Buttons. The flaw allows privilege escalation: a non-administrator user can take over administrator accounts, and with them entire websites.

The plugin has more than 40,000 active installations, according to the WordPress Plugin repository.

Expert Comments below:

Bryan Becker, Application Security Researcher at WhiteHat Security:


“The WordPress platform is used by some of the world’s largest companies and approximately 30 percent of the world’s websites. WordPress’s latest vulnerability once again emphasizes the and risks of using a large body of third-party maintained code. Methods to exploit the WordPress vulnerability are already available online, so it is absolutely critical that all companies implement the patch distributed by the immediately. There’s no time to waste—unless they want to be the next major .

Steps that organizations can take to mitigate the risk of breaches prior to fixing include 1) implementing web application firewalls (WAFs) or runtime application self-protection (RASP), 2) using composition analysis (SCA) to find vulnerable platforms and third-party libraries and add them to standard patch management (where possible), and best of all, 3) making security testing a part of the entire lifecycle of an application. Security training and education, continuous testing, along with IT and Ops teams partnering with security to understand and prioritize how to mitigate risk, are also vital.”
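The article does not state the root cause of the Simple Social Buttons flaw, so the following is an added example, not code from the plugin or from the article: it shows the generic guard that a WordPress plugin's settings endpoint needs so that a low-privileged user cannot reach administrator-level functionality. The action name `myplugin_save_settings`, the option key `myplugin_settings`, and the whitelisted setting keys are illustrative placeholders; `check_ajax_referer`, `current_user_can`, `sanitize_text_field`, `wp_unslash`, `update_option` and `wp_send_json_*` are standard WordPress core functions.

```php
<?php
// Added example (not from the article or the Simple Social Buttons plugin):
// an admin-ajax settings handler guarded against privilege escalation.
// Assumed names: the action 'myplugin_save_settings', the option key
// 'myplugin_settings' and the list of allowed keys are placeholders.

// Register for logged-in users only: there is deliberately no
// 'wp_ajax_nopriv_' hook, so anonymous requests never reach the handler.
add_action( 'wp_ajax_myplugin_save_settings', 'myplugin_save_settings' );

function myplugin_save_settings() {
    // 1. CSRF protection: the request must carry a nonce issued for this
    //    action (dies with a 403 if it is missing or invalid).
    check_ajax_referer( 'myplugin_save_settings', 'nonce' );

    // 2. Authorization: only users who may manage options can change
    //    settings. Being logged in is not enough; a subscriber account
    //    is logged in too, which is exactly the escalation path to close.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // 3. Never let the client choose which option is written. Accept only
    //    this plugin's own option and only the keys the plugin defines, so
    //    site-wide options (user roles, admin e-mail, etc.) stay out of reach.
    $allowed = array( 'show_facebook', 'show_twitter', 'button_style' );
    $input   = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? $_POST['settings']
        : array();

    $clean = array();
    foreach ( $allowed as $key ) {
        if ( isset( $input[ $key ] ) ) {
            $clean[ $key ] = sanitize_text_field( wp_unslash( $input[ $key ] ) );
        }
    }

    update_option( 'myplugin_settings', $clean );
    wp_send_json_success( $clean );
}
```

When reviewing a third-party plugin before or after patching, these are the three things to look for in every `wp_ajax_*` and REST handler: a nonce check, a capability check stronger than "is logged in", and a fixed option name with a whitelist of keys rather than client-controlled option names.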
