Researchers find serious flaws in WordPress plugins used on 400k sites

Serious vulnerabilities have recently come to light in three WordPress plugins that have been installed on a combined 400,000 websites, researchers said. InfiniteWP, WP Time Capsule, and WP Database Reset are all affected.
The highest-impact flaw is an authentication bypass vulnerability in the InfiniteWP Client, a plugin installed on more than 300,000 websites. The plugin allows administrators to manage multiple websites from a single server. The flaw lets anyone log in to an administrative account with no credentials at all. From there, attackers can delete contents, add new accounts, and carry out a wide range of other malicious tasks.
People exploiting the vulnerability need only know the user name of a valid account and include a malicious payload in a POST request that’s sent to a vulnerable site. According to Web application firewall provider Wordfence, the vulnerability stems from a feature that allows legitimate users to automatically


Original URL: https://arstechnica.com/?p=1645061


How to Install OpenLiteSpeed HTTP Server with PHP on Ubuntu 18.04 LTS

OpenLiteSpeed is an open-source HTTP server developed by LiteSpeed Technologies. It is a high-performance and lightweight HTTP server with a web-based GUI for administration. In this tutorial, we show you how to install OpenLiteSpeed with the MariaDB database and the current PHP 7.4 on an Ubuntu 18.04 server.


Original URL: https://www.howtoforge.com/tutorial/how-to-install-and-configure-openlitespeed-with-php-7-4-on-ubuntu-1804/

