Vulnerability in WordPress Plugin Better Search Replace
Every website should be kept up to date with the latest versions, not only to gain access to new features or speed, but often also to ensure that your website remains secure. After all, if you don't pay enough attention to this, you risk losing your hard work on the website. In this blog post, let's take a look at the latest vulnerability in a popular WordPress plug-in, Better Search Replace, which is installed on more than 1 million WordPress websites.
Plug-in Better Search Replace
WordPress websites still sometimes change domain names or locations, or undergo other changes that can impact the URLs within the website. This can include something as simple as activating and switching to the HTTPS version of your website, in other words a secure connection. You can adjust all of this manually within your website and database, but for many beginners and somewhat inexperienced webmasters, as is often the case with WordPress websites, this can seem intimidating. Better Search Replace ensures that this is done safely, and your entire database is checked one more time and scrubbed extra clean of any old URLs that might cause problems for your website later on. So it is a handy plug-in that can make sure that a transition in your website goes through without errors.
For that reason, a lot of websites have made use of this plug-in and then left it installed. It can then also happen that the plug-in is not updated in a timely manner.
Found vulnerability - SQL injection
The vulnerability in question affects every version of the plug-in before version 1.4.1. Any installation that has not yet been updated to this version runs the risk that a malicious person can gain access to the database with an SQL injection attack. This can have dire consequences for your website, from injected malware and other woes to the takeover of administrator accounts or more, which can result in losing control of the WordPress website.
Therefore, it is imperative that you take the necessary steps to immediately update this plug-in to version 1.4.1 or later. You can easily do this through the WordPress dashboard. You can also update manually via FTP by replacing the files of the current installation of Better Search Replace with the latest version, with the option to overwrite files turned on, of course. Afterwards, always check in the WordPress administrator environment itself whether everything was successful.
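One way to carry out that post-update check from a shell with filesystem access, added here as an example and not taken from the plug-in or the original report: the script reads the plug-in's Version header and compares it with 1.4.1. The directory name better-search-replace, the helper names and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the plug-in's or the post author's code.
FIXED_VERSION="1.4.1"                 # first fixed release named in the post
PLUGIN_SLUG="better-search-replace"   # assumption: default plug-in directory name

# Print the "Version:" header field from the plug-in's top-level PHP files.
bsr_installed_version() {
    dir="$1/wp-content/plugins/$PLUGIN_SLUG"
    [ -d "$dir" ] || return 1
    grep -hiE '^[[:space:]*#@/]*Version:' "$dir"/*.php 2>/dev/null \
        | head -n 1 \
        | sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+$//'
}

# True when version $1 sorts strictly before version $2 (needs sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print one of: not-installed | unknown | vulnerable <ver> | patched <ver>
bsr_status() {
    ver=$(bsr_installed_version "$1") || { echo "not-installed"; return 0; }
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"
    else
        echo "patched $ver"
    fi
}

# Build a constructed WordPress tree holding only a plug-in header (sample data,
# written with a CRLF line ending to exercise the whitespace trimming).
make_sample_tree() {
    mkdir -p "$1/wp-content/plugins/$PLUGIN_SLUG"
    printf '<?php\n/**\n * Plugin Name: Better Search Replace\n * Version: %s\r\n */\n' "$2" \
        > "$1/wp-content/plugins/$PLUGIN_SLUG/plugin.php"
}

# Check every WordPress root given on the command line; with no arguments,
# run once against a constructed tree.
if [ "$#" -gt 0 ]; then
    for root in "$@"; do printf '%s: %s\n' "$root" "$(bsr_status "$root")"; done
else
    demo=$(mktemp -d)
    make_sample_tree "$demo" "1.4"
    bsr_status "$demo"
    rm -rf "$demo"
fi
```

Pass one or more WordPress root directories as arguments to check real installations; a result of "unknown" means the directory exists but no Version header could be read, which deserves a manual look.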
Found by MijnSecurityPartner.nl
We are proud that one of our own security experts found and reported this leak. At MijnSecurityPartner.nl we are here for you to make sure your website is thoroughly scanned and any vulnerabilities come to light. For many companies and organizations such a scan can shine a light on vulnerabilities and how they can be addressed.
So, do you want assurance for your company regarding the security of your website and the way it works? Then order your website audit now to let our experts loose and find any problem areas! This gives you peace of mind for the safe running of the website or local applications, which of course is becoming indispensable for the way more and more companies work and produce.
If you want to read back the full report and see the underlying technical information, you can do so via the following link. This website is a gathering place for all WordPress vulnerabilities and is therefore one of the first resources you should keep an eye on as a webmaster with a WordPress website.
To look at our services at MijnSecurityPartner.nl, you can use the following link.