Numerous vulnerabilities in Hide My WP plugin WordPress plugin could pose serious security risks to WordPress websites. Since the developers have patched the flaws, users should ensure updating their sites with the latest plugin version to remain safe.
Hide My WP Plugin Vulnerabilities
Reportedly, the CTO of WordPress security-aimed service Patchstack, Dave Jong, has caught two different bugs affecting the Hide My WP WordPress plugin.
Briefly, Hide My WP is a dedicated plugin from wpWave that aims at securing WordPress websites from cyber threats. According to the description on the plugin page,
It also hides your wp login URL and renames admin URL. It detects and blocks XSS, SQL Injection type of security attacks on your WordPress website.
The SQL injection vulnerability in this plugin existed because of how the IP address is retrieved and how it is used inside of a SQL query.
In addition, Jong also found another vulnerability in the plugin that could allow the attackers to deactivate the software. According to The Daily Swig, Jong found that exploiting this bug did not require authentication. As he told the media site,
The other vulnerability is less severe, “but could, under the right conditions, cause a malicious user to continue exploitation of a different vulnerability.”
Patched Plugin Version Released
Jong confirmed that the plugin developers have patched the bugs with the release of plugin version 6.2.4. Hence, all WordPress users running Hide My WP plugin on their sites should update the plugin at the earliest to avoid potential risks.
Besides, users should also ensure taking necessary security measures to prevent SQLi attacks on their sites.
Let us know your thoughts in the comments.