Prominent bugs were found in two WordPress plug-ins this week. Hackers reported that an old vulnerable activity is present in the WordPress plug-ins.
The plug-ins are WP Cost Estimation and Payment Form Builder and Simple Social Buttons.
The bugs, which are present in all versions prior to 9.660, have been fixed. Anyone still using an old version is encouraged to update to the latest version.
Mike Bittner, the digital security and operations manager at The Media Trust, said:
“Developers of plug-ins and themes are incentivized to develop a product that sells. Few such developers are incentivized to build security and privacy into the development cycle, especially when product lifecycles are brief.”
The Simple Social Buttons plug-in, on the other hand, if taken over by a hacker, makes it very easy for them to take control of the administration accounts or the whole website.
Bryan Becker, an application security researcher at WhiteHat Security, said:
“WordPress’s latest vulnerability once again emphasizes the challenges and risks of using a large body of third-party–maintained code.”
Mikey Veenstra, a threat analyst at Wordfence, wrote in an email:
“Because the vulnerability in Simple Social Buttons requires that the attacker have access to a registered user, there aren’t going to be much in the way of widespread attacks against the flaw.
However, if a site allows open user registration, an attacker could take advantage of the flaw and gain unauthorized access to the affected site.”
The main thing we all need to do now is update these plug-ins as soon as possible, because hackers can easily attack your website at any time in the future.