Tech »  Topic »  More than 40,000 WordPress sites affected by new malware flaw - find out if you're affected

More than 40,000 WordPress sites affected by new malware flaw - find out if you're affected

6 hours ago   techradar.com
(Image credit: Shutterstock)
  • An SQL injection flaw in QSM plugin versions 10.3.1 and below was found
  • Vulnerability allows logged-in users (Subscriber or higher) to extract sensitive database data
  • WordPress admins urged to update QSM to v10.3.2 or newer to mitigate risk

If your website is running the Quiz and Survey Master WordPress plugin, you might want to update it to the latest version, or risk a possible cyberattack.

QSM lets users create quizzes, surveys, and forms without coding, with more than 40,000 websites actively using it - but recently, it was discovered versions 10.3.1 and older were vulnerable to an SQL injection flaw which allowed any logged-in user to inject commands into the database.

A security advisory from Patchstack noted this means any user with a “subscriber” account, or one with higher privileges, could perform a wide array of unwanted actions on vulnerable websites ...


Copyright of this story solely belongs to techradar.com . To see the full text click HERE