Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks.
Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its

Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks.

Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its Chromium-based Edge browser earlier this month.

"In terms of CVEs released, this Patch Tuesday may appear on the lighter side in comparison to other months," Bharat Jogi, director of vulnerability and threat research at Qualys, said in a statement shared with The Hacker News.

"However, this month hit a sizable milestone for the calendar year, with MSFT having fixed the 1000th CVE of 2022 – likely on track to surpass 2021 which patched 1,200 CVEs in total."

The actively exploited vulnerability in question is CVE-2022-37969 (CVSS score: 7.8), a privilege escalation flaw affecting the Windows Common Log File System (CLFS) Driver, which could be leveraged by an adversary to gain SYSTEM privileges on an already compromised asset.

"An attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system," Microsoft said in an advisory.

The tech giant credited four different sets of researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the flaw, which may be an indication of widespread exploitation in the wild, Greg Wiseman, product manager at Rapid7, said in a statement.

CVE-2022-37969 is also the second actively exploited zero-day flaw in the CLFS component after CVE-2022-24521 (CVSS score: 7.8), the latter of which was resolved by Microsoft as part of its April 2022 Patch Tuesday updates.

It's not immediately clear if CVE-2022-37969 is a patch bypass for CVE-2022-24521. Other critical flaws of note are as follows -

*   **CVE-2022-34718** (CVSS score: 9.8) - Windows TCP/IP Remote Code Execution Vulnerability
*   **CVE-2022-34721** (CVSS score: 9.8) - Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
*   **CVE-2022-34722** (CVSS score: 9.8) - Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
*   **CVE-2022-34700** (CVSS score: 8.8) - Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
*   **CVE-2022-35805** (CVSS score: 8.8) - Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability

"An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation," Microsoft said about CVE-2022-34721 and CVE-2022-34722.

Also resolved by Microsoft are 15 remote code execution flaws in Microsoft ODBC Driver, Microsoft OLE DB Provider for SQL Server, and Microsoft SharePoint Server and five privilege escalation bugs spanning Windows Kerberos and Windows Kernel.

The September release is further notable for patching yet another elevation of privilege vulnerability in the Print Spooler module (CVE-2022-38005, CVSS score: 7.8) that could be abused to obtain SYSTEM-level permissions.

Lastly, included in the raft of security updates is a fix released by chipmaker Arm for a speculative execution vulnerability called Branch History Injection or Spectre-BHB (CVE-2022-23960) that came to light earlier this March.

"This class of vulnerabilities poses a large headache to the organizations attempting mitigation, as they often require updates to the operating systems, firmware and in some cases, a recompilation of applications and hardening," Jogi said. "If an attacker successfully exploits this type of vulnerability, they could gain access to sensitive information."

**Software Patches from Other Vendors**

Aside from Microsoft, security updates have also been released by other vendors since the start of the month to rectify dozens of vulnerabilities, including —

*   Adobe
*   Android
*   Apache Projects
*   Apple
*   Cisco
*   Citrix
*   Dell
*   F5
*   Fortinet
*   GitLab
*   Google Chrome
*   HP
*   IBM
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   NVIDIA
*   Qualcomm
*   Samba
*   SAP
*   Schneider Electric
*   Siemens
*   Trend Micro
*   VMware, and
*   WordPress (which is dropping support for versions 3.7 through 4.0 starting December 1, 2022)

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites.
Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites.

Tracked as **CVE-2022-3180** (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence noted.

"Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator," Wordfence researcher Ram Gall said in an advisory.

WPGateway is billed as a means for site administrators to install, backup, and clone WordPress plugins and themes from a unified dashboard.

The most common indicator that a website running the plugin has been compromised is the presence of an administrator with the username "rangex."

Additionally, the appearance of requests to "//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp\_new\_credentials=1" in the access logs is a sign that the WordPress site has been targeted using the flaw, although it doesn't necessarily imply a successful breach.

Wordfence said it blocked over 4.6 million attacks attempting to take advantage of the vulnerability against more than 280,000 sites in the past 30 days.

Further details about the vulnerability have been withheld owing to active exploitation and to prevent other actors from taking advantage of the shortcoming. In the absence of a patch, users are recommended to remove the plugin from their WordPress installations until a fix is available.

The development comes days after Wordfence warned of in-the-wild abuse of another zero-day flaw in a WordPress plugin called BackupBuddy.

The disclosure also arrives as Sansec revealed that threat actors broke into the extension license system of FishPig, a vendor of popular Magento-WordPress integrations, to inject malicious code that's designed to install a remote access trojan called Rekoobe.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress.

 Verified

 Fixed

**5.4**

CVSS 3.1 score Medium severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 5.2.0

PSID 

e5e265f65534

Classification 

Cross Site Request Forgery (CSRF)

OWASP Top 10 

A5: Broken Access Control

Publicly disclosed

2022-09-11

**Details**

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Rasi Afeef (Patchstack Alliance) in the WordPress RD Station plugin (versions <= 5.2.0).

**Solution**

Update the WordPress RD Station plugin to the latest available version (at least 5.2.1).

**References**

CVE-2022-38139: WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities - Patchstack

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.1.3 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Hello! This is the most practical way to integrate RD Station Marketing with your WordPress site.

It automatically activates the RD Station Marketing tracking code in your WordPress pages, enabling features such as Lead Tracking and Pop ups. It also integrates the contact forms that capture Leads that convert in your website forms directly to RD Station Marketing.

More info about the version 5.0.0: https://ajuda.rdstation.com.br/hc/pt-br/articles/360054981272

Compatible with the following forms:

*   Contact Form 7
*   Gravity Forms
*   WooCommerce (only available for the checkout form)
*   Custom Scripts: you can also add custom integrations scripts in every single page or post you want.

Features:

*   Forms Integrations
*   Tracking code
*   As many integrations as you want
*   RD Station Marketing popups

A configuração do plugin é muito simples, ele já detectou automaticamente um formulário customizado que foi criado sem o uso de outros plugins e já integrou ele ao sistema do RD Station. Usando o Woocommerce ele captura todo processo que o usuário percorre para efetuar uma compra.

Achei muito restrito a dois tipos de formulários. Estou usando OptinMonster que foi pago a U$300 e simplesmente não terei o que fazer com ele. Isto me chocou. Espero que avancem neste quesito.

Olá Felipe, você tem alguma previsão para integração do plugin com o Form Craft 3?

Adicionei este plugin ao meu site para poder fazer a conexão diretamente a partir dos meus formulários em Contact Form 7. O plugin faz com que o formulário entre em looping infinito (a seta embaixo depois que você aperta botão de submit). Pelo que percebi isso aconteceu depois o último update para a versão 2.1. Uma lástima. Plugin mal testado me fez perder um tempo enorme.

Read all 5 reviews

“RD Station” is open source software. The following people have contributed to this plugin.

Contributors

*    filipenasc

**5.1.3**

*   Fixing a bug in sending legal bases using Gravity Forms

**5.1.2**

*   Update constant names

**5.1.1**

*   Removing refresh token error from Log Screen and adding clear log button
*   Fix error in the integration with advanced fields Gravity Forms
*   More info about the version 5.1.1: https://ajuda.rdstation.com.br/hc/pt-br/articles/360054981272

**5.1.0**

*   Log Screen

**5.0.5**

*   Adding products to WooCommerce mapping fields list

**5.0.4**

*   Sending drop-down menu from Contact Forms 7 as single text when Allow multiple selections aren’t checked
*   Fixing invalid data type errors

**5.0.3**

*   Sending drop-down menu from Contact Forms 7 as single text when Allow multiple selections aren’t checked
*   Fixing refresh token error

**5.0.2**

*   Adding company fields to the field mapping list

**5.0.1**

*   Fixing problem with corrupted files in version 5.0.0

**5.0**

*   Mapping fields RD Station
*   API v2 RD Station

**4.0**

*   One-click RD Station integration
*   Add tracking code, popups and new forms integrations

**3.2**

*   Add new translation keys

**3.0**

*   WooCommerce integration

**2.4**

*   Add custom scripts support

**2.3.1**

*   Ignore captcha fields

**2.3**

*   Update RD Station endpoint
*   Improve field mapping of Contact Form 7

**2.2**

*   Check post meta before saving the post

**2.0**

*   Gravity Forms field mapping

**1.1**

*   Add form\_origem field

**1.0**

*   Gravity Forms and Contact Form 7 support.

CVE-2022-38139: RD Station

Categories: News
Tags: BackupBuddy

Tags:  WordPress

Tags:  vulnerability

Tags:  exploit

Tags:  hack

Tags:  compromise

Tags:  update

We take a look at a vulnerability in popular WordPress plugin BackupBuddy, and the steps you need to take to fix it.



(Read more...)




The post BackupBuddy WordPress plugin vulnerable to exploitation, update now! appeared first on Malwarebytes Labs.

Users of WordPress may need to perform an urgent update related to the popular BackupBuddy plugin. BackupBuddy is a plugin which offers backup solutions designed to combat “hacks, malware, user error, deleted files, and running bad commands”. Unfortunately, running an older version of BackupBuddy could leave your site open to potential breaches. According to Security Week, the issue tagged as CVE-2022-31474 is down to an “insecure method of downloading the backups for local storing”. This results in people being able to grab files from the server without having been properly authenticated first.

**Traversing a WordPress installation**

The vulnerability is listed as a “Directory Traversal Vulnerability”, and affects users running BackupBuddy from version 8.5.8.0 up to 8.7.4.1. The developers make the following observations:

*   Using this vulnerability, attackers can view the contents of any file on your server which is readable by the WordPress installation. Sensitive files could be made available to the attackers, which is not something you’d want to happen.
*   The vulnerability is being actively exploited in the wild. Sometimes you get lucky and find that something has been patched before anyone can make use of it. This isn’t the case here, sadly.
*   The developers have made the security update available to anybody running BackupBuddy, regardless of version. No matter which licence you’re using, you can apply the fix. In theory, there is no need for anyone, anywhere to be running a vulnerable installation with the fix available to install.

**Next steps to take for BackupBuddy users**

*   Backup to version 8.7.5 right away. You should be doing this whether or not you’re concerned by the above security issue. Old versions of products frequently fall victim to additional security issues over time, especially if they’re no longer maintained.
*   Reset your database password if you suspect there’s been a compromise of your WordPress installation.
*   Change your WordPress salts. These are tools at your disposal used to help keep passwords for your site secure.
*   Reset and update anything else not for public consumption in your wp-config.php, for example stored API keys for other services.

**The risks of not updating your site and plugins**

WordPress is an immensely popular target for people fully invested in site compromise. Hijacked sites can be used for SEO poisoning, redirecting to malicious sites, spam, malware installation, phishing, and more.

If you’re running BackupBuddy, go and check your current version and update right away. Once that’s done, it would be wise to ensure everything else on your WordPress installation is fully up to date too. Let’s not make it easy for those up to no good: It won’t help your business, or the people who make use of your site.

BackupBuddy WordPress plugin vulnerable to exploitation, update now!

Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.

*   Details
*   Reviews
*   Support
*   Development

**Description**

This plugin has been closed as of September 12, 2022 and is not available for download. This closure is temporary, pending a full review.

**Reviews**

All I get is a page with full-size images beneath each other.

Check it out http://moroccanlegacy.ca/new/gallery/

Read all 13 reviews

**Contributors & Developers**

CVE-2022-38135: Photospace Gallery

Project mission is to crowdsource the indexing and curating of plugin bug data

Adam Bannister 12 September 2022 at 11:04 UTC

Project mission is to crowdsource the indexing and curating of plugin bug data

An open source project designed to help security researchers fingerprint WordPress Plugins is seeking feedback and contributors.

Currently in beta mode, WPHash is a free-to-use web service that helps security professionals identify installed plugins and whether they contain security vulnerabilities.

To this end, it indexes 75 million SHA256 hashes for WordPress plugins – covering the vast majority available on the WordPress marketplace, along with their various versions.

The project mission is “to crowd-source the indexing and curating of WordPress plugin vulnerability data”.

**Enumeration and fingerprinting**

“WPHash’s main purpose is to provide security researchers with additional tooling in the form of a web service, which helps them in the enumeration and fingerprinting of installed WordPress plugins,” Dave Miller, WPHash architect and security engineer at Swiss IT security company Cyllective, tells The Daily Swig.

The WPHash website comprises an alphabetical index of hashes, a search function for this index, an experimental OpenAPI spec for looking up hashes and filepaths, and FAQs. Both original and normalized SHA256 checksums are indexed.

Catch up with the latest WordPress security news

“Researchers can query WPHash for known filepaths of the plugin they’re after,” says Miller. “Then, they request these filepaths on the target and calculate the SHA256 hash, which they then use to lookup plugin metadata on WPHash. This process allows them to determine exact plugin versions, and with further investigation determine if the plugin is vulnerable.”

Indexed vulnerabilities can be queried via WPHash or in researchers’ own tooling by using the raw data available on the WPHash GitHub repo.

Miller has said on Reddit that WPHash is not intended to be a direct competitor to Automattic WordPress security scanner WPScan, whose vulnerability data and tooling he concedes is currently “more curated and more complete”.

Nevertheless, WPScan fulfils Miller’s preference for freely accessing crowdsourced vulnerability information “in my own tooling without being stuck with API rate limits”.

**Call for contributors**

The scope of future development for WPHash partly hinges on the level of community support Miller can attract. At the very least, he is “dedicated to keep operating WPHash for free and try to keep improving both the REST API as well as the data behind it”.

A number of retweets on Twitter and upvotes on Reddit have signalled support for the project, suggests Miller, who hopes to enlist some co-contributors from the open source community “once people start playing around with WPHash and its data. I think I need to make it easier and start writing contribution guides to get more people involved.”

Anyone who wishes to contribute, field questions, or offer feedback to WPHash can do so by contacting Miller via his Twitter account.

Cyllective, which published a blog post documenting its research into plugin vulnerabilities in May, is sponsoring the project.

RECOMMENDED Graph-based JavaScript bug scanner discovers more than 100 zero-day vulnerabilities in Node.js libraries

WordPress project WPHash harvests 75 million hashes for detecting vulnerable plugins

Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.

**Rank Math SEO plugin vulnerable to Server-Side Request Forgery**

Critical severity GitHub Reviewed Published Sep 10, 2022 • Updated Sep 16, 2022

GHSA-j95r-86hx-xwxg: Rank Math SEO plugin vulnerable to Server-Side Request Forgery

The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality.

Attackers are actively exploiting a critical vulnerability in BackupBuddy, a WordPress plug-in that an estimated 140,000 websites are using to back up their installations.

The vulnerability allows attackers to read and download arbitrary files from affected websites, including those containing configuration information and sensitive data such as passwords that can be used for further compromise.

WordPress security vendor Wordfence reported observing attacks targeting the flaw beginning Aug. 26, and said it has blocked close to 5 million attacks since then. The plug-in's developer, iThemes, issued a patch for the flaw on Sept. 2, more than one week after the attacks began. That raises the possibility that at least some WordPress sites using the software were compromised before a fix became available for the vulnerability.

**A Directory Traversal Bug**

In a statement on its website, iThemes described the directory traversal vulnerability as impacting websites running BackupBuddy versions 8.5.8.0 through 8.7.4.1. It urged users of the plug-in to immediately update to BackupBuddy version 8.75, even if they are not currently using a vulnerable version of the plug-in.

"This vulnerability could allow an attacker to view the contents of any file on your server that can be read by your WordPress installation," the plug-in maker warned.

iThemes' alerts provided guidance on how site operators can determine if their website has been compromised and steps they can take to restore security. These measures included resetting the database password, changing their WordPress salts, and rotating API keys and other secrets in their site-configuration file.

Wordfence said it had seen attackers using the flaw to try to retrieve "sensitive files such as the /wp-config.php and /etc/passwd file which can be used to further compromise a victim."

**WordPress Plug-in Security: An Endemic Problem**

The BackupBuddy flaw is just one of thousands of flaws that have been disclosed in WordPress environments — almost all of them involving plug-ins — in recent years.

In a report earlier this year, iThemes said it identified a total of 1,628 disclosed WordPress vulnerabilities in 2021 -- and more than 97% of them impacted plug-ins. Nearly half (47.1%) were rated as being of high to critical severity. And troublingly, 23.2% of vulnerable plug-in had no known fix.

A quick scan of the National Vulnerability Database (NVD) by Dark Reading showed that several dozen vulnerabilities impacting WordPress sites have been disclosed so far in the first week of September alone.

Vulnerable plug-ins are not the only concern for WordPress sites; malicious plug-ins are another issue. A large-scale study of over 400,000 websites that researchers at the Georgia Institute of Technology conducted uncovered a staggering 47,337 malicious plug-ins installed on 24,931 websites, most of them still active.

Sounil Yu, CISO at JupiterOne, says the risks inherent in WordPress environments are like those present in any environment that leverages plug-ins, integrations, and third-party applications to extend functionality.

"As with smartphones, such third-party components extend the capabilities of the core product, but they are also problematic for security teams because they significantly increase the attack surface of the core product," he explains, adding that vetting these products is also challenging because of their sheer number and lack of clear provenance.

"Security teams have rudimentary approaches, most often giving a cursory look at what I call the three Ps: popularity, purpose, and permissions," Yu notes. "Similar to app stores managed by Apple and Google, more vetting needs to be done by the marketplaces to ensure that malicious \[plug-ins, integrations, and third-party apps\] do not create problems for their customers," he notes.

Another problem is that while WordPress is widely used, it often is managed by marketing or Web-design professionals and not IT or security professionals, says Bud Broomhead, CEO at Viakoo.

"Installing is easy and removing is an afterthought or never done," Broomhead tells Dark Reading. "Just like the attack surface has shifted to IoT/OT/ICS, threat actors aim for systems not managed by IT, especially ones that are widely used like WordPress."

Broomhead adds, "Even with WordPress issuing alerts about plug-ins being vulnerabilities, other priorities than security may delay the removal of malicious plug-ins."

Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy

Issue present in pingback requests feature

Issue present in pingback requests feature

  

Researchers have gone public with a six-year-old blind server-side request forgery (SSRF) vulnerability in a WordPress Core feature that could enable distributed denial-of-service (DDoS) attacks.

In a blog post published this week (September 6), Sonar researchers detailed how they were able to exploit a vulnerability in the pingback requests feature within WordPress.

The vulnerability first surfaced in 2017, yet remains unpatched.

**Pingback problem**

Pingback requests allow WordPress authors to be notified when another website links to their blog.

The pingback functionality is exposed on the XMLRPC API, which can be accessed through the file. Using this method, other blogs can announce pingbacks.

Read more of the latest news about web security vulnerabilities

This feature could enable attackers to perform DDoS attacks by maliciously asking thousands of blogs to check for pingbacks on a single victim server, Sonar researchers explained.

Although pingbacks can be turned off via a checkbox, they are still enabled by default on WordPress instances.

It’s worth noting, the researchers pointed out, that they “couldn’t generically identify ways to leverage this behavior to take over vulnerable instances without relying on other vulnerable services”.

Rather, the bug could ease the exploitation of other vulnerabilities in the affected organization’s internal network.

**Bypassing restrictions**

Thomas Chauchefoin, vulnerability researcher at Sonar and author of the blog, told The Daily Swig: “In 2012, the risks around the pingback feature started to be known, and the WordPress maintainers introduced restrictions on the destination of such requests: they would be limited to a restricted set of ports, only public IP addresses, etc.

“In essence, our finding allows getting around some of these restrictions and targeting hosts from the local network. Attackers could use it to send requests to hosts that wouldn’t have been reachable otherwise, for instance, to exploit a vulnerability in internal services.”

He added: “This bug is in the lineage of most CVEs related to pingbacks, but the oldest indicator of a researcher documenting how to get around this specific restriction is from 2017.”

DON’T MISS WordPress warning: 140k BackupBuddy installations on alert over file-read exploitation

SonarSource researchers disclosed the issue to WordPress on January 21. It was acknowledged as a duplicate bug, according to Sonar, which was reported to the WordPress team in January 2017.

Chauchefoin added: “We reported the vulnerability on January 21 through the official channels, with a pretty standard 90-day disclosure policy. After agreeing to a 30-day extension period, we reviewed a first patch still waiting to be merged upstream. Our publication occurs 228 after our initial report.”

A WordPress Security Team spokesperson told The Daily Swig: “As identified in the Sonar blog post, this is a low-impact issue and exploiting it requires ‘\[chaining\] it to additional vulnerabilities in third-party software’.

“As such, the Security Team considers the issue a low priority.”

They added: “Because of its low severity, the team is discussing whether this issue could be fixed in public as a general hardening measure.”

**Mitigation advice**

WordPress told The Daily Swig that exploiting the bug requires “vulnerabilities in multiple systems outside of WordPress”, but that it recommends website owners always use the DNS servers provided by their hosting provider.

They added: “For the pingbacks, users can turn off pingbacks. The XMLRPC endpoint will only make the HTTP requests (detailed in the Sonar blog post) if pingbacks are open for the post being pinged.

“Website owners can (a) turn off pingbacks globally using the code snippet provided in the original post and/or (b) turn off pingbacks for their blog posts.”

Chauchefoin added: “Going public with unpatched bugs is exceptional for us and was a carefully considered decision. As we had proof that our finding collided with previous public work and that it would require significant work to weaponize against real-world environments, we believe that withholding details any longer would only disadvantage defenders.

“We would like to salute the efforts of the WordPress maintainers; even if we couldn't reach the best outcome possible, backporting fixes for the software behind 40% of all websites is not trivial!”

**Previous pingback issue**

Another vulnerability in the pingback requests feature that allowed DDoS attacks was fixed by WordPress core in 2012.

The issue, reported by Acunetix, could be abused in multiple ways, researchers reported, and was fixed “as a public hardening ticket” in WordPress Core version shortly after discovery.

RECOMMENDED Vendor disputes seriousness of firewall plugin RCE flaw

Tag

#wordpress