Security experts have discovered a major security vulnerability in a popular WordPress plugin, allowing malicious users to hack or gain access restricted areas of websites.
Absolute Privacy, a plug-in used on more than 35,000 websites using the WordPress content management system, allows users to set up a password protected area of their website.
However, security experts have warned that in version 2.05, a malicious user can gain access to the website (including administrator access) by entering any current user name with any text as a password.
Get business news first
Sign up to SmartCompany’s daily newsletter
Any websites using the Absolute Privacy plugin are urged to either immediately update to the most recent version (2.0.6), or disable the plugin.