
Flaws in WP Time Capsule and InfiniteWP are affecting 320,000 sites

by Seda Nur Cinar
January 15, 2020
in Cybersecurity, Software

The team at WebArx, a security firm specializing in WordPress and other CRM and publishing platforms, reported the flaws in WP Time Capsule and InfiniteWP.

The team at WebArx discovered critical authentication bypass vulnerabilities in InfiniteWP Client and WP Time Capsule while monitoring the code of popular plugins used by their customers. Because of logical issues in the code, both plugins give access to the administrator account without the need for a password.

General firewall protection is not enough

“Because authentication bypass vulnerabilities are often logical mistakes in the code and don’t actually involve a suspicious-looking payload, it can be hard to find and determine where these issues come from,” WebArx says.

They noted that it is hard to block this vulnerability with general firewall rules, so WebArx coded a new feature in their firewall just to be able to block it. The security firm warned customers who use a firewall from another company to ask whether that firewall blocks these particular vulnerabilities.

The InfiniteWP Client management plugin is active on over 300,000 websites. In the case of InfiniteWP, a user who knows only the username of an administrator on the site can send a raw payload to the site in a POST request after encoding it as JSON and then in Base64. This user is then automatically logged in to the administrator account.

WP Time Capsule, a backup tool running on around 20,000 sites, only requires the body of the raw POST request to contain a certain string; the payload does not need to be encoded. This allows admin access to the site without authentication.

Seda Nur Cinar is the news editor of the Cloud7 News. With more than 8 years of Linux and cloud experience, Seda is a Linux and opensource enthusiast, security researcher and a web application developer.
