Zero-day vulnerability in ‘Total Donations’ plugin could allow attackers to take over WordPress sites
The zero-day affects all versions of Total Donations plugin, a commercial plugin that is used to gather and manage donations.
The plugin’s code contains several design flaws that inherently expose the plugin and the WordPress site as a whole to external manipulation.
WordPress site owners are being alerted about an unpatched vulnerability discovered in ‘Total Donations’ plugin. The vulnerability, identified as CVE-2019-6703, could allow attackers to take over affected sites.
Security expert Mikey Veenstra from Defiant observed that attackers have been using this zero-day vulnerability to infect several WordPress sites over the past week.
About CVE-2019-6703
The zero-day affects all versions of Total Donations plugin, a commercial plugin that is used to gather and manage donations from the respective user bases.
Giving more details, Veenstra explained that the plugin’s code contains several design flaws that inherently expose the plugin and the WordPress site as a whole to external manipulation.
“Searching the site’s codebase for the strings migla_getme and miglaA_update_me revealed the installed Total Donations plugin, and we quickly identified the exploited vulnerabilities as well as the attacker’s workflow,” said Veenstra in a blog post.
Where does the flaw exist?
The plugin in question contains an AJAX endpoint that can be queried by any unauthorized person.
“Total Donations registers a total of 88 unique AJAX actions into WordPress, each of which can be accessed by unauthenticated users by querying the typical /wp-admin/admin-ajax.php endpoint. We have determined that 49 of these 88 actions can be exploited by a malicious actor to access sensitive data, make unauthorized changes to a site’s content and configuration, or take over a vulnerable site entirely,” Veenstra added.
The AJAX endpoint allows an attacker to change the core setting value of any WordPress site. It can also enable the hacker to modify the destination account of donations received through the plugin and even retrieve Mailchimp mailing lists.
Defiant said that the developer’s site for the plugin appears to have gone inactive since May 2018. As there is no security patch for the vulnerability, users are therefore requested to delete or deactivate the plugin as soon as possible in order to secure their sites.
Cisco Firewall, Watch Guard Firewall, Fortigate Firewall security solutions. We provide support for setup of Virtual Private Network ( VPN ), Branch Office VPN and VPN Management Services. Cisco Firewall, Watch Guard Firewall, Fortigate Firewall, Firewall companies in India, Firewall company India, firewall installation company in Hyderabad, firewall solutions, hardware based firewall provider, network firewall India
Security solutions at IT Monteur is aimed to protect your business from hackers attack and other Internet threats. We aim at running your business smooth without any worry about securing your data. IT Monteur a Firewall Company in Delhi India, provides firewall software and hardware firewall to protect your data from any mallacious attacks and unexpected crises.
Robust Network Protection in Hyderabad
IT Monteur Managed Network Security unifies stand-alone network security services into one robust network security and threat management solution—to protect critical networks and data from increasingly diverse and sophisticated cyber security threats.
Network Security Addressing the Challenging Threat Landscape in Hyderabad
Network security is a top priority for most enterprises. The increasingly complex network security landscape only compounds network security challenges, with expansive networks and emerging communications technology trends like cloud computing, social media and mobile enablement. IT Monteur Managed Network Security solutions seamlessly integrate security technologies—such as anti-virus protection, firewalls, intrusion prevention, application control, web content filtering, VPN, anti-spam and more—layered into comprehensive, custom security solutions. We address your entire threat landscape with end-to-end network security protection, policies, best practices and threat intelligence capabilities to mitigate network security risks. By managing key security functions on a single platform, we deliver network security at significant cost savings.
Firewall Software and Hardware Firewall solutions are both designed to block unauthorized access to computers in your network. A firewall software program is installed on each individual PC it’s meant to protect. To safeguard all your company’s computers, however, each one must have a software firewall installed. This can become expensive and difficult to maintain and support. But, a hardware-based firewall is easier to maintain and administer than individual software firewalls. It protect all the computers on your network.
Our firewall security solutions is Combined network and physical security for a more comprehensive approach that meets your needs and that allows you to add integrated protection from hackers, spam, malicious websites, identity theft.
we provide secure access to enable workers at home, at remote sites, or traveling to connect to your business safely and securely Secure storage that gives you the flexible capacity to protect and back up data, video, and images and also provide Physical protection to guard your business and your employees from theft, vandalism, and unlawful access.
Additional Intelligence: Directory integration to tie security policies to users and groups; cloud-based reputation services to stop traffic from dangerous sources
Real-time and historical visibility into user, network, and security activity
We are also providing UTM ( Unified threat management ) Firewall Solutions for SMB & Enterprices
Cloud or Premises-Based Managed Network Security Solutions Provider in Hyderabad
We design, configure, install, manage, monitor and maintain network security for your enterprise with cloud-based and customer premises equipment (CPE) delivery options. With IT Monteur Managed Network Security, you never have to worrying about outdated equipment, hardware failure and funding CAPEX investments. As a fully managed solution, we unburden IT staff from day-to-day security infrastructure management tasks and free up internal IT resources to focus on strategic initiatives that support the bottom line.
Managed Network Security Provider in Hyderabad
Managed Network Security Provider in Hyderabad
Firewall with customizable rules
Flexible delivery methods: CPE or Cloud-Based
Unified Threat Management
Intrusion Prevention with application intelligence to detect and prevent malicious traffic from gaining network access
Dedicated Security Operations Center that assists real time with changes
VPN IP SEC tunnels and remote user access
Immediate updates to security when new threats emerge
Information Security - InfoSec - Cyber Security - Firewall Providers Company in India
What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.
Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.
Firewall Firm is an IT MonteurFirewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India
Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net