Major security vulnerability discovered in popular WordPress plugin
Tuesday, March 6, 2012/
Security experts have discovered a major security vulnerability in a popular WordPress plugin, allowing malicious users to hack or gain access restricted areas of websites.
Absolute Privacy, a plug-in used on more than 35,000 websites using the WordPress content management system, allows users to set up a password protected area of their website.
However, security experts have warned that in version 2.05, a malicious user can gain access to the website (including administrator access) by entering any current user name with any text as a password.
Any websites using the Absolute Privacy plugin are urged to either immediately update to the most recent version (2.0.6), or disable the plugin.