Web Hosting Blog from MonsterMegs

WordPress Security: Multiple Vulnerabilities in InfiniteWP Admin Panel. Upgrade immediately.

  • By Kevin
  • December 9, 2014

About an hour ago researcher Walter Hop from Slik BV in the Netherlands disclosed multiple serious vulnerabilities in the InfiniteWP Admin Panel on the Full Disclosure and Bugtraq mailing lists. This admin panel is a standalone PHP application that is installed on a website and used as an interface to manage multiple WordPress websites.

The disclosure covers several issues, the most serious of which appears to allow unauthenticated SQL injection. There is also a file upload vulnerability, but it affects only certain web server configurations.

The issues were initially disclosed on November 26th, and InfiniteWP has since released two fixes, the most recent of which was released yesterday.

Details of the vulnerabilities were disclosed an hour ago, approximately 24 hours after InfiniteWP released their final fix yesterday. This doesn’t give customers much time to upgrade but has given hackers some of the information they need to exploit these vulnerabilities. So if you are using InfiniteWP’s Admin Panel, you need to upgrade immediately.

The researcher recommends taking the following actions:

  1. Upgrade InfiniteWP Admin Panel to version 2.4.4.
  2. Check the uploads directory for the presence of any unauthorized file uploads.
  3. Change admin passwords for the InfiniteWP Admin Panel and any WordPress sites in the panel. Use long and unique passwords.
  4. Remove and re-add WordPress sites to the InfiniteWP Admin Panel, in order to generate new secret keys.
  5. Strongly consider limiting access to the InfiniteWP Admin Panel, especially if you do not require customer access to the panel. For instance, use a .htaccess file to add authentication and limit IP addresses. If possible, protect the panel with a web application firewall (WAF) such as ModSecurity.
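
For step 2, one way to look for unauthorized uploads, as an added example that is not from the researcher's advisory or from InfiniteWP: it lists files in an uploads directory that carry a PHP-handled extension or that change how the directory is served, and files modified after a chosen date. The directory path, the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not InfiniteWP code). Pass your panel's real uploads path;
# the script does not know where your installation keeps uploads.

# List files whose name contains a PHP-handled extension anywhere in it.
# A name like image.php.jpg can still be handled as PHP under some Apache
# handler configurations. A dropped .htaccess or .user.ini is also listed,
# because either can change how the directory is served.
scan_uploads() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type f \( \
        -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
        -o -iname '*.phar' -o -iname '*.pht' \
        -o -iname '*.php.*' -o -iname '*.phtml.*' \
        -o -name '.htaccess' -o -name '.user.ini' \
    \) -print | sort
}

# List every file modified after a timestamp in touch -t form (CCYYMMDDhhmm),
# for example the last time you know the panel was in a good state.
modified_since() {
    dir=$1 stamp=$2
    ref=$(mktemp) || return 2
    touch -t "$stamp" "$ref"
    find "$dir" -type f -newer "$ref" -print | sort
    rm -f "$ref"
}

# Constructed sample tree (not real panel data) showing what gets flagged.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/2014/12"
    : > "$d/2014/12/logo.png"
    : > "$d/2014/12/report.pdf"
    : > "$d/2014/12/avatar.php.jpg"
    : > "$d/2014/12/x.PHP5"
    : > "$d/.htaccess"
    echo "$d"
}

# With an argument, scan that directory; without one, scan the sample tree.
if [ -n "${1:-}" ]; then
    scan_uploads "$1"
else
    demo=$(make_demo_tree) && scan_uploads "$demo" && rm -rf "$demo"
fi
```

A hit is a lead to review, not proof of compromise: compare each listed file against what you or your users actually uploaded.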

Please share this with other WordPress site administrators to help keep the community safe.

Source: http://www.wordfence.com/blog/2014/12/wordpress-security-multiple-vulnerabilities-infinitewp-upgrade-immediately/?utm_source=list&utm_medium=email&utm_campaign=infwp1
