Vulnerability patched in Google Analyticator WordPress Plugin
A vulnerability which exposed WordPress websites running the Google Analyticator plugin has been patched.
Revealed by security researcher Nitin Venkatesh on Friday, a security advisory posted on Full Disclosure detailed a flaw found within the Google Analyticator WordPress plugin, used by webmasters to view Google Analytics data within a WordPress dashboard.
The plugin, downloaded over 3.5 million times, contains a number of widgets for displaying analytics data in the admin dashboard and on blogs, but a security issue has been found within cache settings.
Discovered in version 6.4.9.3, the security vulnerability allows for Cross-Site Request Forgery (CSRF) and for "the administrative actions allowed by the plugin to be exploited [...] which could be used to disrupt the functionality provided by the plugin," according to Venkatesh. The researcher says that in theory, an authenticated user could visit a website belonging to an attacker, where requests such as cache clearing and resets could be submitted through vulnerable URLs using the authenticated user's session.
Actions could then be performed without the user's consent or knowledge.
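The usual WordPress defence against the CSRF pattern described above is a capability check plus a nonce bound to the user and the action. The plugin below is an added illustration, not code from Google Analyticator or from the advisory; the `exa_` function names, the `exa_cache` transient and the redirect target are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Cache Reset (added illustration, hypothetical plugin)
 * All "exa_" names and the "exa_cache" transient are assumptions for this example.
 */

// BEFORE: a state-changing admin action with no nonce. The browser attaches
// the WordPress session cookie to any request for this URL, so a request
// started from another site is indistinguishable from a click in wp-admin.
// Shown for comparison only; it is deliberately not hooked anywhere.
function exa_clear_cache_unprotected() {
    delete_transient( 'exa_cache' );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

// AFTER: the same action with a capability check and a nonce check.
function exa_clear_cache() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops the request unless _wpnonce is valid for this user and this action.
    check_admin_referer( 'exa_clear_cache' );

    delete_transient( 'exa_cache' );
    wp_safe_redirect( admin_url( 'options-general.php?exa_cleared=1' ) );
    exit;
}
// admin-post.php fires this hook for logged-in users when action=exa_clear_cache.
add_action( 'admin_post_exa_clear_cache', 'exa_clear_cache' );

// Called from the plugin's settings page callback (not shown). The form sends
// the action by POST together with the hidden nonce field the handler expects.
function exa_render_clear_cache_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="exa_clear_cache">
        <?php wp_nonce_field( 'exa_clear_cache' ); ?>
        <?php submit_button( 'Clear cache' ); ?>
    </form>
    <?php
}
```

A page on another origin cannot read the nonce out of the admin screen, so a request it triggers reaches `check_admin_referer()` without a valid `_wpnonce` and is rejected before the cache is touched.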
The vulnerability was submitted on the WordPress support forum on June 2 with proof-of-concept examples. Following discussion of the flaw, the Google Analyticator plugin developer updated and patched the security vulnerability on June 18. In order to avoid encountering this security vulnerability, web developers should update their plugin to version 6.4.9.3.
In May, a critical security flaw was discovered in the Twenty Fifteen theme and plugin, placing millions of users at risk. Installed in new WordPress websites by default, the theme's genericons package is loaded with an insecure file dubbed example.html, which is vulnerable to a Document Object Model (DOM)-based XSS vulnerability.
Source: Vulnerability patched in Google Analyticator Wordpress Plugin