News Insights: WordPress Sites Compromised via Zero-Day Vulnerabilities in Total Donations Plugin
WordPress Sites Compromised via Zero-Day Vulnerabilities in Total Donations Plugin
WordPress Sites Compromised via Zero-Day Vulnerabilities in Total Donations Plugin
The Wordfence Threat Intelligence team recently identified multiple critical vulnerabilities in the commercial Total Donations plugin for WordPress. These vulnerabilities, present in all known versions of the plugin up to and including 2.0.5, are being exploited by malicious actors to gain administrative access to affected WordPress sites. We have reserved CVE-2019-6703: to track and reference these vulnerabilities …Read More
News Insights:
According to Satya Gupta, CTO and Co-founder, Virsec:
“WordPress is typical of many popular platforms where businesses only control a small portion of the code they rely upon. Ensuring that there is no unpatched or vulnerable code in this stack is nearly impossible. While it’s always a good idea to heed these alerts and disable or patch vulnerable code wherever possible, businesses need application defenses that protect sensitive processes, even if there are underlying flaws.”
Hugh Taylor
Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.