Critical Vulnerability in WordPress Plugin "MapPress Maps"


Alert Logic researchers have warned WordPress administrators about a significant vulnerability in the MapPress Maps plugin for WordPress. If exploited, the flaw could enable an attacker to tamper with PHP files on the site and even execute code remotely.

The flaw exists because the AJAX functions that create, delete or retrieve PHP files did not perform proper verification. The bug affects over 80,000 websites.

An authenticated attacker can remove any existing PHP file from the site by sending a POST request to wp-admin/admin-ajax.php with the action parameter set to mapp_tpl_delete and the name parameter set to the basename of the file to delete.

For example, a path traversal attack could be used to delete wp-config.php by supplying ../../../wp-config as the name parameter. This could cause the website to reset to its installation state, at which point an attacker could gain access by running the setup and linking the site to a malicious, remotely hosted database.
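The checks that close this class of bug, as an added example (this is not MapPress's code or its actual fix): a delete handler that requires a nonce and a capability, and only accepts a name that resolves inside the template directory. The function names, the 'mapp_tpl' nonce action, the 'manage_options' capability and the templates directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened delete handler, not the plugin's code.

/**
 * Resolve a user-supplied template name to a file inside $base_dir.
 * Returns null if the name is unsafe or the file does not exist.
 */
function example_resolve_template(string $base_dir, string $name): ?string
{
    // Allow-list a plain basename, so "../", "/", "\" and NUL bytes are rejected.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($base_dir);
    $path = realpath($base_dir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: after symlinks are resolved the file must still be in $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function example_ajax_tpl_delete(): void
{
    // 1. The request must carry a valid nonce (assumed action name 'mapp_tpl').
    check_ajax_referer('mapp_tpl', 'nonce');
    // 2. Being logged in is not enough: require an administrative capability.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }
    // 3. The name must resolve to a file inside the template directory.
    $name = isset($_POST['name']) ? wp_unslash($_POST['name']) : '';
    $path = is_string($name)
        ? example_resolve_template(__DIR__ . '/templates', $name)
        : null;
    if ($path === null) {
        wp_send_json_error('invalid template name', 400);
    }
    wp_send_json_success(unlink($path));
}

// wp_ajax_* hooks run for any logged-in user, so the checks above do the authorisation.
if (function_exists('add_action')) {
    add_action('wp_ajax_mapp_tpl_delete', 'example_ajax_tpl_delete');
}
```

With this validation, a name of ../../../wp-config fails the allow-list before any file system call is made.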




Comments

The article is technically written. Try to use images next time to add more value to your work. Thanks.
4 years ago

Okay. Thanks for your comment. Will do that next time.
4 years ago

It is a pleasure receiving your feedback. I would like to read more articles from you. Thanks.
4 years ago

🆗
4 years ago