Daffodil International University
Faculty of Science and Information Technology => Recent Technologies and Trends in Software Engineering => Software Engineering => Cyber and Software Security => Topic started by: maruf.swe on March 28, 2019, 05:50:12 PM
-
(https://media.threatpost.com/wp-content/uploads/sites/103/2019/01/28092447/wordpress_plugin_vuln.jpg)
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.
Researchers are urging WordPress site owners to delete a compromised plugin after multiple zero-day vulnerabilities were discovered being exploited by a malicious actor.
Researchers at Wordfence said on Friday that flaws in the plugin, Total Donations, are being exploited by malicious actors to gain administrative access to impacted WordPress sites. Making matters worse, the plugin appears to be abandoned, and there was no response from its developers at Calmar Webmedia about the flaws despite multiple attempts to contact them.
For More Details :https://threatpost.com/wordpress-users-urged-to-delete-zero-day-ridden-plugin/141209/ (https://threatpost.com/wordpress-users-urged-to-delete-zero-day-ridden-plugin/141209/)