WordPress security plugin Hide My WP addresses SQL injection, deactivation flaws.

25 November, 2021

A severe SQL injection (SQLi) vulnerability and a security vulnerability in Hide My WP, a popular WordPress security plugin, allowed unauthenticated attackers to deactivate the software.

Now patched, the bugs were discovered during an audit of several plugins on a customer’s website by Dave Jong, CTO of Patchstack, which protects WordPress websites from vulnerabilities and runs a WordPressfocused bug hunting platform.

Read More…