Ilam University APA

Critical Security Flaw in WordPress AIOS Plugin Exposes User Passwords

A significant security flaw has been detected in the All-In-One Security (AIOS) WordPress plugin, which is utilized by over one million WordPress websites. The plugin was found to be logging plaintext passwords from user login attempts into the site’s database, thereby jeopardizing account security.

Elementor Pro Vulnerability

According to BleepingComputer, Elementor Pro version 3.11.7 fixes a critical vulnerability that in combination with the WooCommerce plugin running on the site allows any authenticated user (such as the subscriber or customer user role) to update any WordPress setting on the site.

Third of Log4J downloads are still vulnerable versions!

The Log4j vulnerability has been making headlines in the tech world recently. In short, Log4j is a popular Java-based logging utility used by millions of organizations worldwide. Unfortunately, a critical vulnerability was discovered in the software that could potentially allow cybercriminals to execute arbitrary code remotely, giving them full control of the affected system.