LinkBack URL
About LinkBacksCustom Contacts Form is vulnerable to remote takeover exploits.
Hundreds of thousands of websites running a popular WordPress plugin are at risk of hacks that give attackers full administrative control, a security firm warned Thursday.
The vulnerability affects Custom Contacts Form, a plugin with more than 621,000 downloads, according to a blog post by researchers from Sucuri. It allows attackers to take unauthorized control of vulnerable websites. It stems from a bug affecting a function known as adminInit(). Hackers can exploit it to create new administrative users or modify database contents.
"The vulnerability was disclosed to the plugin developer a few weeks ago, they were unresponsive," Sucuri researcher Marc-Alexandre Montpas wrote. "The developers were unresponsive so we engaged the WordPress Security team. They were able to close the loops with the developer and get a patch released, you might have missed it."
He also wrote that WordPress-powered sites that rely on the plugin should consider switching to a different plugin, such as JetPack and Gravity Forms. The vulnerability affects all versions of the Custom Contacts Form plugin other than the latest, 5.1.0.4.
Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker! HDBits.org, BTN, PTP, MTV, Empornium, Orpheus, Bibliotik, RED, IPT, TL, PHD etc!
Results 1 to 1 of 1
-
08-08-2014 #1Extreme User
- Reputation Points
- 111729
- Reputation Power
- 100
- Join Date
- Mar 2014
- Posts
- 3,448
- Time Online
- 252 d 12 h 22 m
- Avg. Time Online
- 1 h 38 m
- Mentioned
- 304 Post(s)
- Quoted
- 52 Post(s)
- Liked
- 4874 times
- Feedbacks
- 46 (100%)
Critical WordPress plugin bug affects hundreds of thousands of sites
Reply With Quote
