
SoylentNews is people

posted by janrinok on Sunday April 02, @06:38PM

Hackers exploit WordPress plugin flaw that gives full control of millions of sites

Hackers have been exploiting a critical vulnerability in a popular WordPress plugin called 'Loginizer' that allows them to take full control of affected sites. The vulnerability, tracked as CVE-2023-27728, is a SQL injection flaw that allows attackers to insert malicious code into the site's database, giving them access to sensitive data and the ability to execute remote code. Loginizer is installed on millions of WordPress sites, and the vulnerability affects all versions up to and including 1.6.5. The plugin is designed to provide security features such as two-factor authentication and brute-force protection.

Security researchers have identified multiple hacking groups actively exploiting the vulnerability in recent weeks. The attackers are scanning the internet for WordPress sites that have the vulnerable plugin installed and are using automated tools to inject malicious code into the site's database. Once a site is compromised, the attackers can use it for various malicious purposes, such as stealing user data or distributing malware.

The plugin's developers have released a patch for the vulnerability, and WordPress site owners are advised to update their installations immediately. However, given the widespread use of the plugin, it is likely that many sites remain vulnerable to exploitation. Loginizer is just one of many WordPress plugins that have been found to have security flaws in recent years, highlighting the importance of regular security updates and monitoring for site owners.



 
This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 4, Funny) by bloodnok on Sunday April 02, @11:46PM

    by bloodnok (2578) on Sunday April 02, @11:46PM (#1299477)

    . . . from a threatened Slashdot UI change that never materialized. . .

    Never materialized?

    You mean I'm a refugee from an event that never happened? The last 9 years were based on a misunderstanding? I could have used the green site after all? Fuck beta meant nothing?

    Oh crap!

    __
    The Major
