Thousands of WordPress sites could be at risk.
Three popular ecommerce plugins for WordPress (WP) installations, open to SQL injection attacks since December 2022, have been patched, protecting businesses from threat actors modifying or deleting their websites.
The three affected plugins, as discovered by Tenable security researcher Joshua Martinelle (via BleepingComputer), were ‘Paid Memberships Pro’, a subscription management tool active on over 100,000 installations, ‘Easy Digital Downloads’, an e-commerce tool active on over 50,000 installations, and ‘Survey Marker’ (a market research tool with over 3,000 active installations)
SQL injections are security flaws that allow attackers to input data into website forms or URLs to modify databases. Attackers can use vulnerabilities that allow SQL injections to inject scripts designed to modify websites, or gain unauthorized access to their backends.
While all websites can be vulnerable to SQL injection during development, Wordpress installations, hosted on a popular, centralized platform stocked with many common plugins, are a popular target for threat actors looking for exploits.
Thankfully, after disclosure of the flaws and the release of proof-of-concept exploits (PoCs) by Martinelle to WordPress on 19 December 2022, the developers of the plugins moved fast to address the flaws, with fixes being released in a matter of weeks, or even days.
A fix for ‘Survey Maker’, as part of version 3.1.2 of the plugin, was released as soon as the 21st of December. ‘Paid Memberships Pro’ followed on the 27th, with a fix rolled into version 2.9.8, and ‘Easy Digital Downloads’ followed on 5 January 2023 as part of version 188.8.131.52.
If they haven’t already, affected users are advised to update these plugins to the latest versions to protect themselves from SQL injection attacks for the foreseeable future.
We engaged The Computer Geeks in mid-2023 as they have a reputation for API integration within the T . . . [MORE].
We all have been VERY pleased with Adrian's vigilance in monitoring the website and his quick and su . . . [MORE].
FIVE STARS + It's true, this is the place to go for your web site needs. In my case, Justin fixed my . . . [MORE].
We reached out to Rich and his team at Computer Geek in July 2021. We were in desperate need of help . . . [MORE].
Just to say thank you for all the hard work. I can't express enough how great it's been to send proj . . . [MORE].