A critical vulnerability in the UpdraftPlus WordPress plugin has exposed over 3 million websites to unauthenticated PHP object injection attacks. This vulnerability allows attackers to inject malicious code, potentially leading to complete site compromise. The issue highlights the severe risks associated with vulnerable plugins in popular CMS platforms and the importance of regular updates.
A critical vulnerability, CVE-2024-11972, has been discovered in the Hunk Companion WordPress plugin, affecting versions below 1.9.0. The flaw allows malicious actors to install and activate vulnerable plugins on affected sites through unauthenticated POST requests, which attackers can exploit to backdoor sites. With a CVSS score of 9.8, the flaw poses a significant security risk and impacts over 10,000 websites. Site owners are advised to update the plugin immediately.