WPForms Plugin Vulnerability Affects Up To 6 Million Sites via @sejournal, @martinibuster

7 months ago 120
ARTICLE AD BOX

Advertisement

WPForms WordPress plugin patches a high-severity vulnerability affecting up to 6 cardinal websites

WPForms Plugin Vulnerability Affects Up To 6 Million Sites

The WPForms plugin for WordPress exposes websites to a vulnerability that allows attackers to update subscriptions and contented refunds. This flaw enables attackers to modify information they usually should not person entree to.

Missing Capability Check

The vulnerability is owed to a missing capableness cheque successful a relation wrong the plugin called wpforms_is_admin_page, which means that the plugin doesn’t cheque for due permissions of the idiosyncratic attempting to marque a alteration with this function. That means that the plugin allows information to beryllium modified by attackers lacking capable privileges.

Attackers request to get astatine slightest subscriber level permissions successful bid to motorboat an attack. Normally this benignant of onslaught doesn’t attain this precocious of a severity rating. But it whitethorn beryllium due to the fact that sites that person users that wage for a subscription are apt to person subscriber level users. This whitethorn beryllium wherefore the severity level of this authenticated onslaught is higher than general.

The Wordfence announcement explains it similar this:

“The WPForms plugin for WordPress is susceptible to unauthorized modification of information owed to a missing capableness cheque connected the ‘wpforms_is_admin_page’ relation successful versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it imaginable for authenticated attackers, with Subscriber-level entree and above, to refund payments and cancel subscriptions.”

It’s recommended that users of versions WPForms plugin users from versions 1.8.4 up to an including 1.9.2.1 update their plugins.

Read the Wordfence information alert:

WPForms 1.8.4 – 1.9.2.1 – Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation

Featured Image by Shutterstock/Tithi Luadthong

SEJ STAFF Roger Montti Owner - Martinibuster.com astatine Martinibuster.com

I person 25 years hands-on acquisition successful SEO, evolving on with the hunt engines by keeping up with the latest ...

  1. Homepage
  2. seo
  3. WPForms Plugin Vulnerability Affects Up To 6 Million Sites via @sejournal, @martinibuster

Related

The Role Of E-E-A-T In AI Narratives: Building Brand Authority For Search Success via @sejournal, @cshel

The Role Of E-E-A-T In AI Narratives: Building Brand Authori...

3 months ago 119
Win Higher-Quality Links: The PR Approach To SEO Success [Webinar] via @sejournal, @lorenbaker

Win Higher-Quality Links: The PR Approach To SEO Success [We...

3 months ago 77
How to Use ChatGPT to Get 10X Better Answers

How to Use ChatGPT to Get 10X Better Answers

3 months ago 105
RIGHT SIDEBAR TOP AD

Trending

1. Joann's closing
2. Texas Tech basketball
3. UNC basketball
4. Monster Hunter Wilds
5. Ketamine
6. Macron
7. UPMC Memorial shooting
8. Eagles
9. Hims stock
10. Joel Embiid

Popular

What Is a Landing Page? Examples + Best Practices

What Is a Landing Page? Examples + Best Practices

1 year ago 2442
TikTok Trends 2025: The Most Important Trends To Watch via @sejournal, @theshelleywalsh

TikTok Trends 2025: The Most Important Trends To Watch via @...

6 months ago 1680
The Ultimate 2021 Guide to Content Distribution (+ Infographic)

The Ultimate 2021 Guide to Content Distribution (+ Infograph...

3 years ago 1362
What Is a Sitemap? Website Sitemaps Explained

What Is a Sitemap? Website Sitemaps Explained

11 months ago 1126
Top 5 Local Rank Tracker Tools (Tested & Reviewed)

Top 5 Local Rank Tracker Tools (Tested & Reviewed)

1 year ago 1105
RIGHT SIDEBAR BOTTOM AD
English (US) English (US)
About Us · Contact Us · Terms & Conditions ·

© 香港SEO中心博客 2025. All rights are reserved