WordPress Plugins and Themes Hacked

Started by Skhilled, Jan 25, 2022, 10:16 AM


Skhilled


Bigguy

I don't have many plugins installed on the one site I have running that and I'm sure I don't have any themes from that site mentioned. I was in there today and updated a few mods. All seemed fine.
"It's the American dream....cause ya have to be asleep to believe it." - George Carlin

Skhilled


LandyVlad

Good heads up, I also don't use any of their stuff as far as I know. Certainly not themes.
Please do not PM me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.

Oldiesmann

The only themes and plugins I have on my test site are ones I've installed directly from WP.
Christian Metal Fans - https://www.christianmetal.fans

Skhilled


Oldiesmann

More vulnerabilities related to WordPress plugins, this time with the "Essential Addons for Elementor" plugin: https://thehackernews.com/2022/02/critical-bug-found-in-wordpress-plugin.html
Christian Metal Fans - https://www.christianmetal.fans

Oldiesmann

One thing I don't understand about this though is the claim that it can be used to include critical system files such as /etc/passwd. Unless PHP is configured incorrectly, you cannot do this - open_basedir would prevent you from accessing that (for instance, on my server it won't let you access anything outside the account's root directory except for /tmp).
Christian Metal Fans - https://www.christianmetal.fans

Skhilled

You've scared me for a bit! LMAO I have Happy Elementor Addons and thought I had Essential Addons for Elementor...had to go check and was in panic mode! :rflmao

Oldiesmann

Even if you did have it, the risk of them being able to pull in critical system files such as /etc/passwd is low unless your server is badly configured (on most setups, PHP's open_basedir restrictions would prevent you from being able to even access that file from a PHP script - on my server it won't allow access to anything outside the account root except for /tmp).
Christian Metal Fans - https://www.christianmetal.fans
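
A way to check the open_basedir behaviour described in the posts above on your own host, as an added example that is not part of the original thread. The policy of "script directory plus temp directory" is an assumption chosen to mirror the setup described in the post, and the function names are made up for this example.

```php
<?php
// Added example, not code from the thread.
declare(strict_types=1);

// The system file named in the thread; it lives outside any web account root.
const OUTSIDE = '/etc/passwd';

/** Try to read the first bytes of a path. An open_basedir violation makes
 *  file_get_contents() return false (and raise a warning, suppressed here). */
function can_read(string $path): bool
{
    return @file_get_contents($path, false, null, 0, 16) !== false;
}

/** Print the effective open_basedir and what it means for two probe paths. */
function report(string $label): void
{
    $basedir = (string) ini_get('open_basedir');
    printf("[%s]\n", $label);
    printf("  open_basedir = %s\n", $basedir === '' ? '(not set: no restriction)' : $basedir);
    printf("  %s -> %s\n", OUTSIDE, can_read(OUTSIDE) ? 'READABLE' : 'blocked or unreadable');
    printf("  %s -> %s\n", __FILE__, can_read(__FILE__) ? 'readable' : 'blocked or unreadable');
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}

// 1. What the server is actually configured to allow right now.
report('configuration as deployed');

// 2. Assumed policy for illustration: this script's directory tree plus the
//    temp directory. At run time open_basedir can only be tightened, so this
//    fails if the deployed value does not already cover these paths.
$policy = __DIR__ . PATH_SEPARATOR . sys_get_temp_dir();
if (ini_set('open_basedir', $policy) === false) {
    echo "Could not apply the example policy (existing restriction is narrower).\n";
} else {
    report('after restricting to script directory + temp dir');
}
```

Request it through the web server rather than the command line, since the CLI often loads a different php.ini, and delete the file once you have the answer.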

Skhilled

Yes, but that's just me. Been watching the security sites for many years. I just finally got back to posting about it 'cause there have been so many lately.

I think companies have got way too lax or just don't care anymore or are trying to save money by not upgrading as well as the trouble of doing it. About a year ago, I went to my bank's ATM. Something was wrong with it when I tried to withdraw some cash so it rebooted. The Win 8 logo came up on the screen! WTF! For a bank?!?!?! I was pissed! I called them up and told them off! LOL

Oldiesmann

I still remember laughing at all the banks freaking out when Microsoft dropped Windows XP support in 2014.
Christian Metal Fans - https://www.christianmetal.fans