A vulnerability has been discovered in the "All In One WordPress Migration" WordPress plugin.
All versions up to and including 6.97 contain a vulnerability that allows Cross-Site Scripting (XSS).
With over 2 million active installations, this vulnerability has the potential to be high impact. However, the impact is lessened by the nature of the vulnerability, which requires either an admin account or a database compromise to already be in place (i.e., your site or hosting account would already have had to be hacked via another method for this to work).
The vulnerability can be tested by going to the backup history within your WordPress admin dashboard and double-clicking the backup description. The edit box accepts unsanitised input, which allows malicious users to run queries on the database.
All users should upgrade to version 7.0 or above (released on July 17th 2019) immediately to avoid any potential compromise of their website.
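To find copies that still need the upgrade, the following added example (not code from the plugin or from this advisory's author) walks a directory of WordPress sites, reads each copy's plugin header, and classifies it against the 7.0 fix. The directory name `all-in-one-wp-migration` is an assumption about how the plugin is installed, and the sample tree in `demo()` is constructed.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "all-in-one-wp-migration"  # assumed plugin directory name
FIXED = (7, 0)                           # advisory: upgrade to 7.0 or above
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", re.I | re.M)

def parse_version(header_text):
    """Return the header's Version as a tuple of ints (min. two parts), or None."""
    m = VERSION_RE.search(header_text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (2 - len(parts)))

def status(version):
    if version is None:
        return "unknown"        # header unreadable: inspect by hand
    return "vulnerable" if version < FIXED else "patched"

def audit(root):
    """Return [(plugin_dir, version, status)] for every copy found under root."""
    found = []
    for plugin_dir in sorted(Path(root).rglob(f"wp-content/plugins/{PLUGIN_SLUG}")):
        version = None
        for php in sorted(plugin_dir.glob("*.php")):
            head = php.read_text(errors="replace")[:8192]  # headers sit at the top
            if "Plugin Name:" in head:
                version = parse_version(head)
                break
        found.append((str(plugin_dir), version, status(version)))
    return found

def demo():
    """Audit a constructed two-site tree (sample data, not real installs)."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("site-a", "6.97"), ("site-b", "7.0")):
            d = Path(tmp, site, "wp-content", "plugins", PLUGIN_SLUG)
            d.mkdir(parents=True)
            (d / "plugin.php").write_text(
                f"<?php\n/**\n * Plugin Name: Sample\n * Version: {ver}\n */\n")
        return [(v, s) for _, v, s in audit(tmp)]

if __name__ == "__main__":
    print(demo())
```

Point `audit()` at the directory that holds your sites; any copy reported as `unknown` has a header the script could not read and should be checked manually.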