Page Layer Wordpress plugin has security flaw allows hackers to wipe your website - Navi Era - Tech | Tutorial | Tips and Tricks

Breaking

Sunday, May 31, 2020

Page Layer Wordpress plugin has security flaw allows hackers to wipe your website

WordPress is a very popular platform where you can create a website/ blog and share your knowledge with the world. If you want to add some useful features on your website then you have to use some plugins that will give you extra features on for your website and here Page layer WordPress plugin helps you to create a page for your website without any coding knowledge.
Page Layer Wordpress plugin has security flaw allows hackers to wipe your website
Page Layer WordPress plugin has a security flaw that allows hackers to wipe your website

What is Page Layer Plugin?

Page Layer Plugin is a WordPress plugin and a tool that allows you to built a custom web page on your website using a drag-drop mechanism. Its a boon for that user who doesn't have any programming knowledge. This plugin allows you to design any page according to your need which means you can build a custom web page via a simple drag-drop mechanism and more than 200,000 websites use this plugin on WordPress.

Researchers have found two severe vulnerabilities in the page layer WordPress plugin that could allow hackers to hijack your websites that employ its design features.

This vulnerability identified by security firm Wordfence, the two bugs could also be manipulated by cybercriminals to inject rigged code, tamper with existing website content, and even perform the removal of writing content material, or data.

“One flaw allowed any authenticated user with subscriber-level and above permissions the ability to update and modify posts with malicious content, amongst many other things,” explained Wordfence.

“A second flaw allowed attackers to forge a request on behalf of a site’s administrator to modify the settings of the plugin which could allow for malicious Javascript injection.”

The security firm disclosed the flaws on April 30 and PageLayer subsequently issued a patch on May 6, with version 1.1.2. (Current version 1.1.4) However, 3 weeks have passed since the patch was released and only 85000 users have updated their plugin to the latest version and still 120,000 users at risk.

To safeguard your website from hackers, Page Layer users are advised to update the plugin to the latest version immediately.



4 comments:

  1. So funcy to see the article within this blog. Thank you for posting it new york web design company

    ReplyDelete
  2. Hello super schöner Webblog den ihr da habt. Bin gerade über die Google Suche darüber gestolpert. Gefällt mir echt super gut. macht weiter so. MFG Martina web design new york

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete

If you like this Post then plz do comment on Comment box, thank you