Vulnerability Patched in Import Export WordPress Users
On February 26th, our Threat Intelligence team discovered a vulnerability in Import Export WordPress Users, a WordPress plugin installed on over 30,000 sites. The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative level users.
We reached out to the plugin’s developer on February 26th, who responded that they were currently working on updating their plugin with several security fixes. They released a patch for the problem before we provided the full disclosure of the vulnerability. After the initial release, we provided some additional security recommendations for issues not addressed in that initial release. The plugin’s developer released a patch addressing those concerns shortly thereafter.
This is considered a high severity security issue that could allow attackers to completely take over WordPress sites. We highly recommend updating to the latest version, 1.3.9, immediately.
Watch video Vulnerability Patched in Import Export WordPress Users online, duration hours minute second in high quality that is uploaded to the channel Wordfence 11 March 2020. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 400 times and liked it 9 visitors.
