News Insights: WordPress Sites Compromised via Zero-Day Vulnerabilities in Total Donations Plugin

WordPress Sites Compromised via Zero-Day Vulnerabilities in Total Donations Plugin

WordPress Sites Compromised via Zero-Day Vulnerabilities in Total Donations Plugin

The Wordfence Threat Intelligence team recently identified multiple critical vulnerabilities in the commercial Total Donations plugin for WordPress. These vulnerabilities, present in all known versions of the plugin up to and including 2.0.5, are being exploited by malicious actors to gain administrative access to affected WordPress sites. We have reserved CVE-2019-6703:  to track and reference these vulnerabilities …Read More

READ ARTICLE

 

News Insights:

According to Satya Gupta, CTO and Co-founder, Virsec:

“WordPress is typical of many popular platforms where businesses only control a small portion of the code they rely upon. Ensuring that there is no unpatched or vulnerable code in this stack is nearly impossible. While it’s always a good idea to heed these alerts and disable or patch vulnerable code wherever possible, businesses need application defenses that protect sensitive processes, even if there are underlying flaws.”