WordPress plugin flaw affects over 300,000 websites

[Bradley Prior]

WordPress plugin flaw affects over 300,000 websites

Two popular WordPress plugins contain major security flaws that left about 320,000 websites open to exploit.

Security firm WebARX discovered that the InfiniteWP Client and WP Time Capsule plugins contain issues that allow malicious parties to log in to an administrator account without using a password.

 

[ActivateD]

This is why I am moving my company website away from WordPress towards something like jekyll.

 

[Bryn]

This is why I am moving my company website away from WordPress towards something like jekyll.

Not a good reason to do so. It is trivially easy to mask the plugins in use so that bad actors don't realise you're available for exploitation. And it is vanishingly rare for top-quality plugins to have serious vulnerabilities, plus plugin use should be kept to a minimum in general.