WordPress is one of the main platforms powering many of the websites and blogs that you read today. Its popularity is helped by a very active developer scene, which produces a large number of plugins that users can install to improve their websites. However, not all plugins are created equal.
According to a recent report, a bug has been discovered in the InfiniteWP Client plugin that, if exploited, would allow just about anyone to log into a website running the plugin as an admin, without even needing the password. To make matters worse, this is a particularly popular plugin.
The plugin is estimated to be installed on over 300,000 websites, meaning that hundreds of thousands of websites are affected. The good news is that the plugin’s maker, Revmakx, patched the flaw after the vulnerability was disclosed. If you are running the plugin on your website, you will want to update it to the latest version to close the loophole.
It is unclear whether any websites were affected and exploited through this flaw, but we haven’t heard any reports yet, so for now it seems like it was patched in time.