Cyber Security

More than 1 million WordPress websites imperiled by critical plugin bug

“More than one million websites that run on the WordPress content management application run the risk on being completely hijacked by attackers exploiting critical vulnerability in most versions of a plugin called WP-Slimstat.

Versions prior to the recently released Slimstat 3.9.6 contain a readily guessable key that’s used to sign data sent to and from visiting end-user computers, according to a blog post published Tuesday by Web security firm Sucuri. The result is a SQL injection vector that can be used to extract highly sensitive data, including encrypted passwords and the encryption keys used to remotely administer websites.”

Source: More than 1 million WordPress websites imperiled by critical plugin bug | Ars Technica

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.