It was discovered by the cybersecurity expert MalwareHunterTeam. The lure is supposedly unusual activity on the victim’s account. The goal: to steal PII and sensitive data.
Cybersecurity Help: New WordPress plugin vulnerability, this time in Realia
A new WordPress plugin vulnerability has been reported by Cybersecurity Help, this time affecting Realia. The flaw (CWE-284 – Improper Access Control) allows a remote attacker to gain unauthorized access to otherwise restricted functionality. It exists due to an insecure direct object reference (IDOR) issue: a threat actor could send a specially crafted request containing a post ID to delete arbitrary posts. The researchers are currently unaware of any official solution to address this vulnerability. The affected Realia versions are: 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.9.1, 0.9.2, 0.9.3, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.4.0.
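What the missing check in this class of flaw looks like in WordPress terms, as an added example that is not from the original article and is not Realia's code. The handler names, the `example_listing` post type and the `nonce` field are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical handlers, not Realia's code.
// 'example_listing' and the action/nonce names are assumptions.

// Flawed pattern (deliberately not hooked): the post ID comes straight from
// the request and nothing ties it to the caller, so any ID is accepted.
function example_delete_listing_unchecked() {
    $post_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    wp_delete_post( $post_id, true );
    wp_send_json_success();
}

// Hardened pattern: verify request intent, object type and per-object rights.
function example_delete_listing() {
    // 1. Nonce ties the request to a form rendered for this user's session.
    //    check_ajax_referer() terminates the request if verification fails.
    check_ajax_referer( 'example_delete_listing', 'nonce' );

    $post_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    $post    = $post_id ? get_post( $post_id ) : null;

    // 2. Only act on the plugin's own post type, never arbitrary posts/pages.
    if ( ! $post || 'example_listing' !== $post->post_type ) {
        wp_send_json_error( array( 'message' => 'Not found' ), 404 );
    }

    // 3. Per-object capability check: WordPress maps 'delete_post' to a
    //    primitive capability (e.g. delete_posts or delete_others_posts)
    //    based on who authored this specific post.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 4. Move to trash instead of force-deleting so a mistake is recoverable.
    if ( ! wp_trash_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Delete failed' ), 500 );
    }
    wp_send_json_success( array( 'deleted' => $post_id ) );
}
// Logged-in users only; no wp_ajax_nopriv_ hook is registered.
add_action( 'wp_ajax_example_delete_listing', 'example_delete_listing' );
```

When reviewing a plugin for this weakness, look for deletion or update calls whose object ID originates in the request and is not followed by a `current_user_can()` check against that same ID.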