Critical WordPress Plugin Vulnerability Impacts Over 100,000 Websites
Overview
A severe vulnerability in the popular WordPress donation plugin, GiveWP, has been discovered, exposing over 100,000 websites to potential attacks.
The vulnerability, tracked as CVE-2024-5932, allows unauthenticated remote attackers to execute arbitrary code and delete files on affected websites.
Impact
This vulnerability could allow attackers to:
- Take control of affected websites
- Steal sensitive data, such as payment information and user credentials
- Install malware and redirect visitors to malicious websites
The vulnerability affects all versions of GiveWP prior to 5.7.2.
Resolution
WordPress users are strongly advised to update GiveWP to version 5.7.2 or later immediately.
Here are step-by-step instructions to update GiveWP:
1. Log in to your WordPress dashboard.
2. Navigate to Plugins > Installed Plugins.
3. Find GiveWP in the list of plugins.
4. Click on the Update Now button.
If you are unable to update GiveWP, you can disable the plugin until a fix is available.
Additional Resources
- Sucuri Blog: GiveWP Vulnerability: Critical RCE, Over 100,000 Sites Impacted
- GiveWP Developers
- WordPress Plugins Support