Major security vulnerability discovered in popular WordPress plugin
Tuesday, March 6, 2012/
Security experts have discovered a major security vulnerability in a popular WordPress plugin, allowing malicious users to hack or gain access restricted areas of websites.
Absolute Privacy, a plug-in used on more than 35,000 websites using the WordPress content management system, allows users to set up a password protected area of their website.
However, security experts have warned that in version 2.05, a malicious user can gain access to the website (including administrator access) by entering any current user name with any text as a password.
Any websites using the Absolute Privacy plugin are urged to either immediately update to the most recent version (2.0.6), or disable the plugin.
Social media mishaps: Why businesses should think twice before cracking jokes online Catriona Pollard CP Communications founder
An ‘opportunity-hunting’ generation: Here's what millennial workers need and want Karen Gately Corporate Dojo founder
Spilling the beans: Why inviting someone to 'grab a coffee' is disingenuous and unnecessary Sue Parker DARE Group founder
Why success is simple, motivational speakers suck and Eye of The Tiger is dead to me Ian Whitworth Scene Change co-founder
How Emily McWaters manages her Sydney-based business from Kangaroo Island Emily McWaters The Hamper Emporium chief
Why 'Orwellian' performance monitoring is crucial to building an ethical company culture Michael Kodari Kodari Securities chief