{"id":17627,"date":"2020-05-30T14:06:00","date_gmt":"2020-05-30T14:06:00","guid":{"rendered":"https:\/\/icrowdnewswire.com\/?p=2575280"},"modified":"2020-05-30T14:06:00","modified_gmt":"2020-05-30T14:06:00","slug":"this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website","status":"publish","type":"post","link":"https:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/","title":{"rendered":"This faulty WordPress plugin could allow hackers to wipe your website"},"content":{"rendered":"<p><strong>Plugin flaws placed more than 200,000 websites at risk of attack<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Researchers have uncovered two severe vulnerabilities in the PageLayer&nbsp;<a class=\"hawk-link-parsed\" href=\"https:\/\/www.techradar.com\/news\/what-is-wordpress-hosting-learn-more-about-the-worlds-most-popular-cms\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress<\/a>&nbsp;plugin that could allow hackers to hijack websites that employ its design features.<\/p>\n<p>The affected plugin is used to build custom web pages via a simple drag-and-drop mechanism &#8211; a boon for users without programming expertise &#8211; and is deployed across more than 200,000 websites.<\/p>\n<aside class=\"hawk-widget\" data-render-type=\"fte\" data-skip=\"dealsy\" data-widget-type=\"seasonal\" data-widget-id=\"8028698547535134000\" data-result=\"missing\"><\/aside>\n<p>Identified by security firm Wordfence, the two bugs could also be manipulated by cybercriminals to inject rigged code, meddle with existing website content, and even perform a total content erasure.<\/p>\n<ul>\n<li><a class=\"hawk-link-parsed\" href=\"https:\/\/www.techradar.com\/news\/yet-more-wordpress-plugin-flaws-undermine-website-security\" target=\"_blank\" rel=\"noopener noreferrer\">Yet more WordPress plugin flaws undermine website security<\/a><\/li>\n<li><a class=\"hawk-link-parsed\" href=\"https:\/\/www.techradar.com\/news\/this-buggy-wordpress-plugin-allows-hackers-to-lace-websites-with-malicious-code\" target=\"_blank\" rel=\"noopener noreferrer\">This buggy WordPress plugin allows hackers to lace websites with malicious code<\/a><\/li>\n<li><a class=\"hawk-link-parsed\" href=\"https:\/\/www.techradar.com\/news\/wordpress-security-flaws-hit-online-learning-platforms\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress security flaws hit online learning platforms<\/a><\/li>\n<\/ul>\n<h2 id=\"wordpress-plugin-bugs\">WordPress plugin bugs<\/h2>\n<p>According to the researchers responsible for the discovery, the pair of vulnerabilities stem from unprotected AJAX actions, nonce disclosure, and a lack of measures to safeguard against Cross-Site Request Forgery (CSRF).<\/p>\n<p>Hackers could reportedly exploit these oversights to perform all manner of malicious activities, including creating admin accounts, funnelling visitors to dangerous domains and invading a user&rsquo;s computer via the web browser.&nbsp;<\/p>\n<p>&ldquo;One flaw allowed any authenticated user with subscriber-level and above permissions the ability to update and modify posts with malicious content, amongst many other things,&rdquo; explained Wordfence.<\/p>\n<p>&ldquo;A second flaw allowed attackers to forge a request on behalf of a site&rsquo;s administrator to modify the settings of the plugin which could allow for malicious Javascript injection.&rdquo;<\/p>\n<p>The security firm disclosed the flaws on April 30 and PageLayer subsequently issued a patch on May 6, with version 1.1.2. However, despite three weeks having passed since the patch was issued, only roughly 85,000 users have updated to the latest version, leaving circa 120,000 still at risk.<\/p>\n<p>To safeguard against site takeover, PageLayer users are advised to update the plugin to the latest version immediately.<\/p>\n<p class=\"tags\">\n<div><strong>See Campaign: <\/strong><a href=\"https:\/\/www.techradar.com\/news\/what-is-wordpress-hosting-learn-more-about-the-worlds-most-popular-cms\" target=\"_blank\">https:\/\/www.techradar.com\/news\/what-is-wordpress-hosting-learn-more-about-the-worlds-most-popular-cms<\/a><br \/><b>Contact Information:<\/b><br \/>Joel Khalili <\/p>\n<p><b>Tags:<\/b><br \/><a href=\"\"><\/a>, <a href=\"https:\/\/icrowdnewswire.com\/category\/news-category\/wire\/\" rel=\"category tag\">Wire<\/a>, <a href=\"https:\/\/icrowdnewswire.com\/category\/global-regions\/united-states\/\" rel=\"category tag\">United States<\/a>, <a href=\"https:\/\/icrowdnewswire.com\/category\/language\/english\/\" rel=\"category tag\">English<\/a><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"\" alt=\"image\" width=\"400\" height=\"300\" class=\"cwdfimg\" \/><\/div>\n<div>\n<h3>Contact Information:<\/h3>\n<p>Joel Khalili <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Plugin flaws placed more than 200,000 websites at risk of attack &nbsp; Researchers have uncovered two severe vulnerabilities in the PageLayer&nbsp;WordPress&nbsp;plugin that could allow hackers to hijack websites that employ its design features. The affected plugin is used to build custom web pages via a simple drag-and-drop mechanism &ndash; a boon for users without programming &hellip; <a href=\"https:\/\/icrowdnewswire.com\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/\">Continue reading <span>This faulty WordPress plugin could allow hackers to wipe your website<\/span><\/a> <a href=\"https:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/\" class=\"more-link\">Continue Reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":106,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,22,54],"tags":[],"class_list":["post-17627","post","type-post","status-publish","format-standard","hentry","category-english","category-united-states","category-wire"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>This faulty WordPress plugin could allow hackers to wipe your website - Business<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"This faulty WordPress plugin could allow hackers to wipe your website - Business\" \/>\n<meta property=\"og:description\" content=\"Plugin flaws placed more than 200,000 websites at risk of attack &nbsp; Researchers have uncovered two severe vulnerabilities in the PageLayer&nbsp;WordPress&nbsp;plugin that could allow hackers to hijack websites that employ its design features. The affected plugin is used to build custom web pages via a simple drag-and-drop mechanism &ndash; a boon for users without programming &hellip; Continue reading This faulty WordPress plugin could allow hackers to wipe your website Continue Reading &rarr;\" \/>\n<meta property=\"og:url\" content=\"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/\" \/>\n<meta property=\"og:site_name\" content=\"Business\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-30T14:06:00+00:00\" \/>\n<meta name=\"author\" content=\"Waqas Awan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Waqas Awan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/\",\"url\":\"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/\",\"name\":\"This faulty WordPress plugin could allow hackers to wipe your website - Business\",\"isPartOf\":{\"@id\":\"https:\/\/ipsnews.net\/business\/#website\"},\"datePublished\":\"2020-05-30T14:06:00+00:00\",\"author\":{\"@id\":\"https:\/\/ipsnews.net\/business\/#\/schema\/person\/46e7a3c31ebaa3d111acaa0daf39976f\"},\"breadcrumb\":{\"@id\":\"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/ipsnews.net\/business\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"This faulty WordPress plugin could allow hackers to wipe your website\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ipsnews.net\/business\/#website\",\"url\":\"https:\/\/ipsnews.net\/business\/\",\"name\":\"Business\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ipsnews.net\/business\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/ipsnews.net\/business\/#\/schema\/person\/46e7a3c31ebaa3d111acaa0daf39976f\",\"name\":\"Waqas Awan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/ipsnews.net\/business\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3453ff882f8bf8f7e605d09dc0750c5759cb895a2d09c18a38d07b424e7f6a29?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3453ff882f8bf8f7e605d09dc0750c5759cb895a2d09c18a38d07b424e7f6a29?s=96&d=mm&r=g\",\"caption\":\"Waqas Awan\"},\"sameAs\":[\"https:\/\/icrowdnewswire.com\/fc\"],\"url\":\"https:\/\/ipsnews.net\/business\/author\/waqas-awan\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"This faulty WordPress plugin could allow hackers to wipe your website - Business","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/","og_locale":"en_US","og_type":"article","og_title":"This faulty WordPress plugin could allow hackers to wipe your website - Business","og_description":"Plugin flaws placed more than 200,000 websites at risk of attack &nbsp; Researchers have uncovered two severe vulnerabilities in the PageLayer&nbsp;WordPress&nbsp;plugin that could allow hackers to hijack websites that employ its design features. The affected plugin is used to build custom web pages via a simple drag-and-drop mechanism &ndash; a boon for users without programming &hellip; Continue reading This faulty WordPress plugin could allow hackers to wipe your website Continue Reading &rarr;","og_url":"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/","og_site_name":"Business","article_published_time":"2020-05-30T14:06:00+00:00","author":"Waqas Awan","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Waqas Awan","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/","url":"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/","name":"This faulty WordPress plugin could allow hackers to wipe your website - Business","isPartOf":{"@id":"https:\/\/ipsnews.net\/business\/#website"},"datePublished":"2020-05-30T14:06:00+00:00","author":{"@id":"https:\/\/ipsnews.net\/business\/#\/schema\/person\/46e7a3c31ebaa3d111acaa0daf39976f"},"breadcrumb":{"@id":"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/ipsnews.net\/business\/2020\/05\/30\/this-faulty-wordpress-plugin-could-allow-hackers-to-wipe-your-website\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/ipsnews.net\/business\/"},{"@type":"ListItem","position":2,"name":"This faulty WordPress plugin could allow hackers to wipe your website"}]},{"@type":"WebSite","@id":"https:\/\/ipsnews.net\/business\/#website","url":"https:\/\/ipsnews.net\/business\/","name":"Business","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ipsnews.net\/business\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/ipsnews.net\/business\/#\/schema\/person\/46e7a3c31ebaa3d111acaa0daf39976f","name":"Waqas Awan","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ipsnews.net\/business\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3453ff882f8bf8f7e605d09dc0750c5759cb895a2d09c18a38d07b424e7f6a29?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3453ff882f8bf8f7e605d09dc0750c5759cb895a2d09c18a38d07b424e7f6a29?s=96&d=mm&r=g","caption":"Waqas Awan"},"sameAs":["https:\/\/icrowdnewswire.com\/fc"],"url":"https:\/\/ipsnews.net\/business\/author\/waqas-awan\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ipsnews.net\/business\/wp-json\/wp\/v2\/posts\/17627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ipsnews.net\/business\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ipsnews.net\/business\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ipsnews.net\/business\/wp-json\/wp\/v2\/users\/106"}],"replies":[{"embeddable":true,"href":"https:\/\/ipsnews.net\/business\/wp-json\/wp\/v2\/comments?post=17627"}],"version-history":[{"count":1,"href":"https:\/\/ipsnews.net\/business\/wp-json\/wp\/v2\/posts\/17627\/revisions"}],"predecessor-version":[{"id":17628,"href":"https:\/\/ipsnews.net\/business\/wp-json\/wp\/v2\/posts\/17627\/revisions\/17628"}],"wp:attachment":[{"href":"https:\/\/ipsnews.net\/business\/wp-json\/wp\/v2\/media?parent=17627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ipsnews.net\/business\/wp-json\/wp\/v2\/categories?post=17627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ipsnews.net\/business\/wp-json\/wp\/v2\/tags?post=17627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}