Critical WordPress Bug Leaves 320,000 Sites Open to Attack
Infinite Client and WP Time Capsule, two WordPress plugins, contain vulnerabilities that leave sites open to attack. The bug is a critical authorization complication that allows adversaries access to the backend of a site without a password.
The attacker only needs the admin username for the WordPress plugins. Both of the plugins contain issues within their code. According to the WordPress plugin library, over 300,000 websites are using the InfiniteWP Client while 20,000 are using the WP Time Capsule plugin. The vulnerabilities were reported on January 7, and patches were released the next day. The bugs were announced publicly by WebArx earlier this week.