Major security vulnerability discovered in popular WordPress plugin

Security experts have discovered a major security vulnerability in a popular WordPress plugin, allowing malicious users to hack or gain access restricted areas of websites.

Absolute Privacy, a plug-in used on more than 35,000 websites using the WordPress content management system, allows users to set up a password protected area of their website.

However, security experts have warned that in version 2.05, a malicious user can gain access to the website (including administrator access) by entering any current user name with any text as a password.

Any websites using the Absolute Privacy plugin are urged to either immediately update to the most recent version (2.0.6), or disable the plugin.


Notify of
Inline Feedbacks
View all comments