Incident Response, TDR, Vulnerability Management

Researchers discover two SQL injection flaws in WordPress security plugin

Switzerland-based information security company High-Tech Bridge has discovered two SQL injection vulnerabilities in the All In One WordPress Security and Firewall plugin for blogging platform WordPress.

The researchers tested on version 3.8.2, but indicated in a Wednesday post that versions prior to 3.8.2 are also likely to be impacted.

High-Tech Bridge notified the vendor and issued an advisory on Wednesday, but will not publically release technical details on the issues – which it deems medium risk – until Sept. 24, according to the post.

The All In One WordPress Security and Firewall plugin “reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques,” according to WordPress.org. It has more than 400,000 downloads.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.