
Millions Affected By WordPress Plugin Vulnerability
A high-severity vulnerability requiring no user authentication was discovered in a WordPress Backup plugin with over five million installations. The WordFence report assigned the vulnerability a severity rating of 7.5, which is High—the second worst after Critical. The vulnerability has since been fixed, but website owners will still be at risk until they update the plugin to apply the patch.
The vulnerability is called an Unauthenticated PHP Object Injection. If another plugin or theme on the site provides code that can be chained with the injected object, the attacker would be able to delete important files, gain access to sensitive information, and run harmful code. According to the WordFence report:
"This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must export and restore a backup in order to trigger the exploit."
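Why the POP chain matters, as an added example that is not part of the original article, the WordFence report, or the affected plugin's code: PHP object injection happens when `unserialize()` processes untrusted bytes, and the damage comes from magic methods in whatever classes are loaded at the time. The class `TempFileCleaner`, the scratch file, and the serialized string are constructed for illustration; the `allowed_classes` option is a general PHP mitigation and is not claimed to be how this plugin was patched.

```php
<?php
// Hypothetical gadget: stands in for a class shipped by "an additional
// plugin or theme". It is not code from the affected backup plugin.
final class TempFileCleaner
{
    public $path = '';

    // Magic method: runs when any instance is destroyed, including one
    // that unserialize() built from bytes the site did not create.
    public function __destruct()
    {
        if ($this->path !== '' && is_file($this->path)) {
            unlink($this->path);
        }
    }
}

// Constructed sample: a scratch file plays the role of an important file.
$target = tempnam(sys_get_temp_dir(), 'poi');

// Constructed sample: serialized form of a TempFileCleaner whose $path
// points at the scratch file, as it might sit inside untrusted data.
$blob = sprintf(
    'O:15:"TempFileCleaner":1:{s:4:"path";s:%d:"%s";}',
    strlen($target),
    $target
);

// Unsafe pattern: every loaded class may be instantiated from the input.
$object = unserialize($blob);
unset($object); // the gadget's destructor fires here
echo 'default unserialize, file still present: ';
var_dump(file_exists($target));

// Hardened pattern: refuse to build objects at all. The value comes back
// as __PHP_Incomplete_Class, which has no destructor to run.
file_put_contents($target, 'restored');
$object = unserialize($blob, ['allowed_classes' => false]);
unset($object);
echo 'allowed_classes => false, file still present: ';
var_dump(file_exists($target));

unlink($target); // remove the scratch file
```

Where the stored value is plain data rather than objects, `json_decode()` avoids object construction altogether.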
Website security is increasingly important in today's digital landscape, and security incidents can lead to unauthorized access, data breaches, and loss of customer trust. Site builders are always under threat—check the WordFence Vulnerability Database and just look at how many entries are dated today. How can anybody stay on top of that? Enter WebConduit!
Our Approach to Superior Website Security
At WebConduit, we do it all for you! As well as design, development, hosting, maintenance, and unlimited free edits, we handle the security of your website so that you can focus on running your business. We offer:
- Hand-Coded Solutions: We build every website from scratch, removing the need for third-party plugins that can introduce vulnerabilities. This meticulous approach ensures that each site is robust and secure by design.
- Continuous Monitoring and Updates: We provide ongoing monitoring and prompt application of security updates, ensuring that your website remains protected against emerging risks and operates reliably at all times.
- Statically Locked Down: Our static websites have no moving parts aside from a controlled blog, leaving no surface for attackers to exploit. This reduces common vulnerabilities found in traditional websites.
- Unlimited Backups: We keep backups in multiple locations, each boasting a full version history back to the initial design, allowing us to restore your site quickly if needed.
Let us take care of the technical side so you don't have to!