A large-scale breach has impacted more than 75,000 WordPress sites that are running an online course plugin. According to security researchers, the plugin has three critical vulnerabilities that could expose customer data and be used to take over sites. To protect your WordPress site, it's important to update plugins to their latest version and run security scans to prevent any malicious activity.
Online courses are a great way to learn and access information, but sometimes the plugins that power them can put sites at risk. WordPress has reported that the LearnDash LMS plugin, a popular plugin for creating online courses, has three critical vulnerabilities that put the security of over 75,000 sites at risk.
The three vulnerabilities include a high-level Cross-Site Scripting (XSS) flaw that could enable attackers to execute malicious JavaScript code in the browser and gather sensitive customer data. They also include an Unauthenticated Remote Code Execution (RCE) bug that could be exploited by attackers to take over sites, and a persistent Cross-Site Scripting (XSS) vulnerability that could enable attackers to inject malicious scripts into legitimate WordPress pages.
To protect against these flaws, WordPress is recommending that all users of version 2.6.8 and lower of the plugin update it to version 2.6.9 or later. Additionally, users should scan their site for any suspicious activity and run regular security checks.
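A version audit for the upgrade threshold above, as an added example that is not from the article or the plugin's authors: it reads the `Version:` header of a plugin's PHP file and flags anything below 2.6.9, comparing numerically so that 2.6.10 is not mistaken for older than 2.6.9. The directory names and the `make_sample` fixture are constructed; the plugin's real directory name is not given here and has to be supplied by the operator.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = "2.6.9"  # first fixed release named in the article

# WordPress plugin metadata lives in a "Version:" line of a PHP header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)

def parse_version(text):
    """'2.6.10' -> (2, 6, 10), so comparison is numeric rather than lexical."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()

def installed_version(plugin_dir):
    """Version header of the first top-level PHP file that declares one."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # Plugin headers sit at the top of the file, so the first 8192 chars suffice.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        m = VERSION_RE.search(head)
        if m:
            return m.group(1)
    return None

def audit(plugins_root, slug, fixed=FIXED_VERSION):
    """Classify a plugin directory: missing, unknown, vulnerable or ok."""
    plugin_dir = Path(plugins_root) / slug
    if not plugin_dir.is_dir():
        return "missing"
    found = parse_version(installed_version(plugin_dir) or "")
    if not found:
        return "unknown"  # no parsable header: check by hand, do not assume safe
    return "vulnerable" if found < parse_version(fixed) else "ok"

def make_sample(root, slug, version):
    """Constructed fixture: a minimal plugin file with a WordPress-style header."""
    d = Path(root) / slug
    d.mkdir(parents=True)
    header = f"<?php\n/**\n * Plugin Name: Sample\n * Version: {version}\n */\n"
    (d / "main.php").write_text(header, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # stands in for wp-content/plugins
        for slug, ver in [("lms-a", "2.6.8"), ("lms-b", "2.6.9"), ("lms-c", "2.6.10")]:
            make_sample(root, slug, ver)
            print(slug, ver, audit(root, slug))
```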
Users should also ensure that all plugins and themes on their WordPress site are updated to their latest version. It is important to regularly update plugins and themes to avoid plugin issues and possible hacking incidents. WordPress also recommends that users install a free security scanner to search for any malicious code or files.
WordPress also urges users to audit their WordPress plugins, review their cybersecurity policy, and regularly perform security scans on their website to investigate any WordPress plugin vulnerabilities. It is also important that users of the LearnDash LMS plugin make sure that they have the latest security updates and patches to protect their WordPress site.
Finally, users should be careful when installing third-party plugins and themes, as they could introduce new security flaws. Make sure that you are using only trusted plugins, and keep your WordPress site updated to protect it against any new security flaws.
By following these measures, users can protect their WordPress site from being hacked by malicious attackers. With proper security measures in place, users can protect against compromised WordPress plugins and malicious activities.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 24 Jan 2023 17:17:02 +0000