MapPress Maps – Another WordPress Vulnerable Plugin 2020


To all the WordPress admins: it's panic time! Another WordPress plugin has just been added to the vulnerable list, affecting thousands of websites as you read this.

This time it is MapPress Maps, which is installed on over 80,000 websites. This popular plugin somehow failed these thousands of websites by exposing them to hackers.

Researchers from Alert Logic found a privilege escalation bug inside the plugin. This is a major loophole, since exploiting the bug can allow a hacker to access PHP files and even write or delete code remotely!

Through this vulnerability, an attacker can get a subscriber's privilege and can download and upload arbitrary malicious PHP files. The CVE number of this WordPress vulnerability is CVE-2020-12675.

Although the technical details have not been released, according to the NVD (National Vulnerability Database) report the cause of this bug is the incorrect implementation of AJAX functions related to the deletion, retrieval, and creation of PHP files.

Developers are alarmed

As soon as the bug was discovered, the developers were informed and started patching. They soon released plugin version 2.54.6, which fixed the bug. Hence, the developers who use the plugin are requested to update to the latest version.

Although updating a plugin does not sound like a big deal, it is recommended to contact professional WordPress developers or rely on a professional WordPress maintenance service provider. It is also advised to use a WordPress staging site while updating the plugin so that you can avoid any unwanted issues on your live site.
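
To confirm that every copy of the plugin on a server has reached the fixed release 2.54.6, the installed version can be read from the standard WordPress plugin header. The following is an added example, not code from the plugin or from the researchers; the directory names and sample headers are constructed, and matching on "mappress" in the `Plugin Name` field is an assumption about how the plugin identifies itself.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 54, 6)  # fixed release named in the article

def parse_header(text):
    """Return (name, version) from a WordPress plugin header comment, or None."""
    head = text[:8192]  # WordPress only reads the first 8 KB for header fields
    name = re.search(r"^[ \t/*#@]*Plugin Name:\s*(.+)$", head, re.M | re.I)
    ver = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", head, re.M | re.I)
    if not name or not ver:
        return None
    return name.group(1).strip(), ver.group(1).strip()

def version_tuple(v):
    """'2.54.6' -> (2, 54, 6); missing parts count as 0, suffixes are ignored."""
    parts = [int(n) for n in re.findall(r"\d+", v)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(plugins_dir, needle="mappress"):
    """List (folder, version, status) for matching plugins under plugins_dir."""
    results = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        parsed = parse_header(php.read_text(errors="replace"))
        if not parsed or needle not in parsed[0].lower():
            continue  # not a plugin main file, or a different plugin
        status = "OK" if version_tuple(parsed[1]) >= FIXED else "BELOW_FIXED"
        results.append((php.parent.name, parsed[1], status))
    return results

def demo():
    """Run the audit over a constructed plugins directory (sample data only)."""
    header = "<?php\n/*\nPlugin Name: {n}\nVersion: {v}\n*/\n"
    samples = [("copy-a", "MapPress Maps (sample)", "2.53.9"),
               ("copy-b", "MapPress Maps (sample)", "2.54.6"),
               ("other", "Contact Form (sample)", "1.0")]
    with tempfile.TemporaryDirectory() as root:
        for folder, n, v in samples:
            Path(root, folder).mkdir()
            Path(root, folder, "main.php").write_text(header.format(n=n, v=v))
        return audit(root)

if __name__ == "__main__":
    for row in demo():
        print(*row)
```

On a real server, point `audit()` at the `wp-content/plugins` directory of each site, on staging first and then live, and update anything reported as `BELOW_FIXED`.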
