Vulnerabilities in ProfilePress WordPress Plugin and How to Avoid Them Using Security Patches

Hello, WordPress admins. This is an important announcement: many security vulnerabilities were discovered in the ProfilePress WordPress plugin that could allow a complete site takeover. WordPress released some security patches, so make sure you have your WordPress updated.

Multiple Vulnerabilities Discovered in ProfilePress WordPress Plugin

The Wordfence team has shared some of the vulnerabilities found in the ProfilePress WordPress plugin in a recently published research post. The critical security issues affect the plugin known as WP User Avatar, which boasts over 4 lakh active installations, so thousands of websites are potentially at risk.

The researchers recently identified four distinct vulnerabilities, all of which hold a critical severity rating with a CVSS score of 9.8. The following are the vulnerabilities found,

These vulnerabilities could allow an attacker to upload arbitrary files to the target site, gain admin access, and take complete control of the site. The exploits work even when user registration is disabled, and they require no authentication.

Security Patches

Plugin versions 3.0 to 3.1.3 are vulnerable. After the researchers reported the issues, the developers patched all the vulnerabilities and released version 3.1.4 of the plugin. Following this version, the developers released other fixes in subsequent versions. The most recent plugin version is 3.1.8, named ProfilePress.

So, all WordPress admins running this plugin should update it at the earliest to avoid attacks on these vulnerabilities. WordPress sites with vulnerable plugins could be used to attack other websites too. So, keeping all plugins updated is the only method to avoid cyber threats against websites.
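To check which installations still fall in the affected range given above (3.0 to 3.1.3, fixed in 3.1.4), the following added example scans a plugins directory and classifies each copy by its header version; it is not code from Wordfence or the plugin's developers. It assumes the plugin's header names it "ProfilePress" or "WP User Avatar", and the folder names and sample headers are constructed for the demonstration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Range stated in the article: 3.0 through 3.1.3 affected, fixed in 3.1.4.
FIRST_AFFECTED, FIRST_FIXED = (3, 0, 0), (3, 1, 4)
# Assumption: the plugin header carries one of the two names the article uses.
NAME_RE = re.compile(r"ProfilePress|WP User Avatar", re.I)
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+)$", re.M | re.I)


def classify(version):
    """Map a version string to 'vulnerable', 'patched', 'pre-3.0' or 'unknown'."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    if not nums:
        return "unknown"  # missing or unparseable header: review by hand
    v = tuple(nums + [0] * (3 - len(nums)))  # '3.0' compares as (3, 0, 0)
    if v < FIRST_AFFECTED:
        return "pre-3.0"  # outside the range the article gives
    return "vulnerable" if v < FIRST_FIXED else "patched"


def scan_plugins(plugins_dir):
    """Return (folder, name, version, status) for each matching plugin file."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top
        fields = {k.lower(): v.strip() for k, v in HEADER_RE.findall(head)}
        name = fields.get("plugin name", "")
        if NAME_RE.search(name):
            version = fields.get("version", "")
            findings.append((php.parent.name, name, version, classify(version)))
    return findings


def build_sample_tree(root):
    """Constructed sample data: three plugin folders with made-up headers."""
    samples = {"plugin-a": ("WP User Avatar", "3.1.3"),
               "plugin-b": ("ProfilePress", "3.1.8"), "unrelated": ("Hello Dolly", "1.7.2")}
    for folder, (name, version) in samples.items():
        (Path(root) / folder).mkdir()
        (Path(root) / folder / "main.php").write_text(
            f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        if len(sys.argv) < 2:
            build_sample_tree(tmp)  # no path given: demo on the constructed tree
        for row in scan_plugins(sys.argv[1] if len(sys.argv) > 1 else tmp):
            print(*row, sep="\t")
```

Run it with the path to a site's plugins directory as the only argument; any row reported as `vulnerable` or `unknown` needs attention before the others.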
