A bug in the WordPress LiteSpeed Cache plugin used by hackers to create fake site admins

If attackers are so eager to create administrator accounts, it is not just for the sake of fame. On any website, regardless of its CMS or host, the administrators hold the keys. An administrator account lets its owner control all site data, from the CMS itself to content and plugin management, including more sensitive data such as email addresses or IDs. Attackers put every one of these permissions to their own use: they can distribute malware at will, redirect visitors to fraudulent sites, hide malware in the database or in code, steal sensitive data and, of course, launch phishing campaigns.

It is therefore only natural that the Wallarm team recently discovered another critical vulnerability, CVE-2024-2876, rated 9.8 out of 10, in another WordPress plugin, “Email Subscribers”, in versions prior to 5.7.14. Again, the goal was to create administrator accounts.

Both companies recommend a deep clean of the affected sites: a full restore of the database and files from a backup free of all traces of the attack, deletion of compromised admin accounts, resetting all account IDs and, of course, increased monitoring for any new suspicious admin accounts. A huge task, entrusted to… the administrator.
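One way to carry out the monitoring step, as an added example that comes neither from the article nor from the companies it cites: compare the site's current administrators against a baseline recorded while the site was known to be clean. The export is assumed to come from WP-CLI's `wp user list`; the sample data, the baseline and the function name `audit_admins` are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample, shaped like the output of:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=json
SAMPLE_EXPORT = """[
 {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.test", "user_registered": "2021-03-02 09:15:00"},
 {"ID": 7, "user_login": "editor_in_chief", "user_email": "changed@example.net", "user_registered": "2022-06-11 14:00:41"},
 {"ID": 42, "user_login": "wp_support_7f3", "user_email": "x@example.org", "user_registered": "2024-05-03 02:17:55"}
]"""

# Hypothetical baseline recorded while the site was known to be clean:
# approved admin login -> email address on record.
BASELINE = {
    "siteowner": "owner@example.test",
    "editor_in_chief": "chief@example.test",
    "old_admin": "old@example.test",
}
BASELINE_TAKEN = datetime(2024, 1, 1)

def audit_admins(export_json, baseline, baseline_taken):
    """Return sorted (login, finding) pairs for admins that differ from the baseline."""
    findings = []
    seen = set()
    for user in json.loads(export_json):
        login = user["user_login"]
        seen.add(login)
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if login not in baseline:
            findings.append((login, "unapproved_admin"))
            if registered > baseline_taken:
                findings.append((login, "created_after_baseline"))
        elif user["user_email"].lower() != baseline[login].lower():
            # A changed address on an approved account needs manual review.
            findings.append((login, "email_changed"))
    # Approved admins that vanished can point to tampering or an incomplete restore.
    findings += [(login, "missing_from_site") for login in baseline if login not in seen]
    return sorted(findings)

if __name__ == "__main__":
    for login, finding in audit_admins(SAMPLE_EXPORT, BASELINE, BASELINE_TAKEN):
        print(f"{finding:24} {login}")
```

Run on a schedule against a fresh export, an empty result means the administrator set still matches the baseline; any finding is a prompt for manual review.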

Hi, I’m laayouni2023