
The remote code execution vulnerability has now been fixed

A security flaw in a popular WordPress plugin called WordPress Download Manager has now been fixed. The flaw allowed hackers to upload and run malicious files on websites that ran the plugin.

According to the security researchers at Wordfence, the plugin has been installed on more than 100,000 websites that use WordPress and was found vulnerable to two severe flaws. The first was a file upload vulnerability that would have let threat actors remotely execute malicious code, and the second was a vulnerability to a double extension attack, through which a file with multiple extensions could be used to trigger code execution.

As explained by Wordfence, "a user with author-level permissions could also upload a file with an image extension containing malicious JavaScript and set the contents of file[page_template] to the path of the uploaded file."

This would have allowed the actor to take control of the site by obtaining credentials or by executing code in the administrator's browser session.

The second vulnerability allowed authors and other users to perform a double extension attack. For instance, "it was possible to upload a file titled info.php.png. This file would be executable on certain Apache/mod_php configurations that use an AddHandler or AddType directive."
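A defender-side check for the double extension condition described above, as an added example that is not code from Wordfence or the plugin: it reads `AddHandler`/`AddType` directives from an Apache config and flags upload names whose final extension looks harmless but which carry a PHP-mapped extension earlier in the name. The config snippets and file names are constructed samples, and the function names are hypothetical.

```python
import re

# Matches "AddHandler <handler> <ext...>" and "AddType <type> <ext...>".
DIRECTIVE = re.compile(r"^\s*(AddHandler|AddType)\s+(\S+)\s+(.+)$", re.I)

# Constructed sample: extension-based mapping, the setup the quote refers to.
WEAK_CONFIG = """
# constructed sample
AddHandler application/x-httpd-php .php .phtml
AddType image/png .png
"""

# Constructed sample: the handler applies only when the name ends in .php.
HARDENED_CONFIG = r"""
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
"""

# Constructed upload names.
UPLOADS = ["photo.png", "info.php.png", "archive.tar.gz",
           "shell.PHTML.jpg", "info.php", "README"]

def php_extensions(apache_config):
    """Extensions that AddHandler/AddType directives map to PHP."""
    exts = set()
    for line in apache_config.splitlines():
        m = DIRECTIVE.match(line)
        if m and "php" in m.group(2).lower():
            exts.update(e.lower().lstrip(".") for e in m.group(3).split())
    return exts

def double_extension_risk(filename, exts):
    """True if the last extension is not PHP-mapped but an earlier one is.

    mod_mime considers every dot-separated extension, not only the last.
    This is a conservative flag: the real outcome depends on the rest of
    the server configuration.
    """
    parts = filename.lower().split(".")[1:]
    return bool(parts) and parts[-1] not in exts and any(
        p in exts for p in parts[:-1])

def audit(filenames, apache_config):
    """Return the upload names that would need review under this config."""
    exts = php_extensions(apache_config)
    return [f for f in filenames if double_extension_risk(f, exts)]
```

A plain `info.php` is not flagged here because an extension allowlist on the final extension already rejects it; the check targets names that pass such an allowlist.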

Both of the vulnerabilities have been fixed by the plugin's developer.
