A vulnerability has been discovered in the "All In One WordPress Migration" WordPress plugin.
All versions up to and including 6.97 contain a vulnerability which allows Cross-Site Scripting (XSS).
With over 2 million active installations, this vulnerability has the potential to be high impact. However, this is lessened by the nature of the vulnerability, which requires either an admin account or database compromise to already be in place (e.g. your site or hosting account would have had to be hacked via another method already for this to work).
The vulnerability can be tested by going to the backup history within your WordPress admin dashboard and double-clicking the backup description. The edit box accepts unsanitised input, which allows malicious users to run queries on the database.
All users should upgrade to version 7.0 or above (released on July 17th 2019) immediately to avoid any potential compromise of their website.
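To find which sites on a server still need the upgrade, the following shell script is an added example (not part of the original post or the plugin's own code). It assumes the plugin is installed under `wp-content/plugins/all-in-one-wp-migration` (the directory name is an assumption, it does not appear in this post) and that its version is declared in a standard WordPress `Version:` header; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report installs of the plugin older than the fixed release.
FIXED_VERSION="7.0"                    # from the advisory: 6.97 and earlier are affected
PLUGIN_SLUG="all-in-one-wp-migration"  # assumption: plugin directory name

# Print the "Version:" header found in the plugin's top-level PHP files.
plugin_version() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        v=$(head -n 40 "$f" |
            sed -n 's|^[[:space:]/*#@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*|\1|p' |
            head -n 1)
        if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
    done
    return 1
}

# Succeed when dotted version $1 is lower than $2, comparing each part as a number.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Walk a directory tree (e.g. /home) and classify every copy of the plugin.
audit_root() {
    find "$1" -type d -path "*/wp-content/plugins/$PLUGIN_SLUG" 2>/dev/null |
    while IFS= read -r dir; do
        if ver=$(plugin_version "$dir"); then
            if version_lt "$ver" "$FIXED_VERSION"; then
                printf 'VULNERABLE %s %s\n' "$ver" "$dir"
            else
                printf 'OK %s %s\n' "$ver" "$dir"
            fi
        else
            printf 'UNKNOWN - %s\n' "$dir"
        fi
    done
}

if [ "$#" -gt 0 ]; then audit_root "$1"; fi   # usage: sh audit.sh /home
```

Any path reported as `VULNERABLE` should be upgraded; `UNKNOWN` means no version header could be read and the install needs a manual look.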