Home Latest Cyber Security News | Network Security Hacking Multiple Vulnerabilities Spotted In Hide My WP WordPress Plugin

Multiple Vulnerabilities Spotted In Hide My WP WordPress Plugin

by Abeerah Hashim
LayerSlider WordPress plugin had an SQL injection vulnerability

Numerous vulnerabilities in Hide My WP plugin WordPress plugin could pose serious security risks to WordPress websites. Since the developers have patched the flaws, users should ensure updating their sites with the latest plugin version to remain safe.

Hide My WP Plugin Vulnerabilities

Reportedly, the CTO of WordPress security-aimed service Patchstack, Dave Jong, has caught two different bugs affecting the Hide My WP WordPress plugin.

Briefly, Hide My WP is a dedicated plugin from wpWave that aims at securing WordPress websites from cyber threats. According to the description on the plugin page,

It also hides your wp login URL and renames admin URL. It detects and blocks XSS, SQL Injection type of security attacks on your WordPress website.

Regarding the vulnerabilities, Jong explained in a post that he found SQL injection flaws in Hide My WP plugin. Describing the details in the post, Jong stated about the bug,

The SQL injection vulnerability in this plugin existed because of how the IP address is retrieved and how it is used inside of a SQL query.

In addition, Jong also found another vulnerability in the plugin that could allow the attackers to deactivate the software. According to The Daily Swig, Jong found that exploiting this bug did not require authentication. As he told the media site,

The other vulnerability is less severe, “but could, under the right conditions, cause a malicious user to continue exploitation of a different vulnerability.”

Patched Plugin Version Released

Jong confirmed that the plugin developers have patched the bugs with the release of plugin version 6.2.4. Hence, all WordPress users running Hide My WP plugin on their sites should update the plugin at the earliest to avoid potential risks.

Besides, users should also ensure taking necessary security measures to prevent SQLi attacks on their sites.

Let us know your thoughts in the comments.

You may also like

1 comment

tom November 29, 2021 - 4:24 am

by one of the new York

Comments are closed.