Home » Tag: General Bazaar

Tag Archives: General Bazaar

Home » Tag: General Bazaar

Zero-day vulnerability in ‘Total Donations’ plugin could allow attackers to take over WordPress sites

  • The zero-day affects all versions of Total Donations plugin, a commercial plugin that is used to gather and manage donations.
  • The plugin’s code contains several design flaws that inherently expose the plugin and the WordPress site as a whole to external manipulation.

WordPress site owners are being alerted about an unpatched vulnerability discovered in ‘Total Donations’ plugin. The vulnerability, identified as CVE-2019-6703, could allow attackers to take over affected sites.

Security expert Mikey Veenstra from Defiant observed that attackers have been using this zero-day vulnerability to infect several WordPress sites over the past week.

About CVE-2019-6703

The zero-day affects all versions of Total Donations plugin, a commercial plugin that is used to gather and manage donations from the respective user bases.

Giving more details, Veenstra explained that the plugin’s code contains several design flaws that inherently expose the plugin and the WordPress site as a whole to external manipulation.

“Searching the site’s codebase for the strings migla_getme and miglaA_update_me revealed the installed Total Donations plugin, and we quickly identified the exploited vulnerabilities as well as the attacker’s workflow,” said Veenstra in a blog post.

Where does the flaw exist?

The plugin in question contains an AJAX endpoint that can be queried by any unauthorized person.

“Total Donations registers a total of 88 unique AJAX actions into WordPress, each of which can be accessed by unauthenticated users by querying the typical /wp-admin/admin-ajax.php endpoint. We have determined that 49 of these 88 actions can be exploited by a malicious actor to access sensitive data, make unauthorized changes to a site’s content and configuration, or take over a vulnerable site entirely,” Veenstra added.

The AJAX endpoint allows an attacker to change the core setting value of any WordPress site. It can also enable the hacker to modify the destination account of donations received through the plugin and even retrieve Mailchimp mailing lists.

Defiant said that the developer’s site for the plugin appears to have gone inactive since May 2018. As there is no security patch for the vulnerability, users are therefore requested to delete or deactivate the plugin as soon as possible in order to secure their sites.

Firewall Provider in Hyderabad

Firewall Provider in Hyderabad

Cisco Firewall, Watch Guard Firewall, Fortigate Firewall security solutions. We provide support for setup of Virtual Private Network ( VPN ), Branch Office VPN and VPN Management Services. Cisco Firewall, Watch Guard Firewall, Fortigate Firewall, Firewall companies in India, Firewall company India, firewall installation company in delhi, firewall solutions, hardware based firewall provider, network firewall Hyderabad - India

Cisco Firewall, Watch Guard Firewall, Fortigate Firewall security solutions. We provide support for setup of Virtual Private Network ( VPN ), Branch Office VPN and VPN Management Services. Cisco Firewall, Watch Guard Firewall, Fortigate Firewall, Firewall companies in India, Firewall company India, firewall installation company in Hyderabad, firewall solutions, hardware based firewall provider, network firewall India

Security solutions at IT Monteur is aimed to protect your business from hackers attack and other Internet threats. We aim at running your business smooth without any worry about securing your data. IT Monteur a Firewall Company in Delhi India, provides firewall software and hardware firewall to protect your data from any mallacious attacks and unexpected crises.

Robust Network Protection in Hyderabad

IT Monteur Managed Network Security unifies stand-alone network security services into one robust network security and threat management solution—to protect critical networks and data from increasingly diverse and sophisticated cyber security threats.

Network Security Addressing the Challenging Threat Landscape in Hyderabad

Network security is a top priority for most enterprises. The increasingly complex network security landscape only compounds network security challenges, with expansive networks and emerging communications technology trends like cloud computing, social media and mobile enablement. IT Monteur Managed Network Security solutions seamlessly integrate security technologies—such as anti-virus protection, firewalls, intrusion prevention, application control, web content filtering, VPN, anti-spam and more—layered into comprehensive, custom security solutions. We address your entire threat landscape with end-to-end network security protection, policies, best practices and threat intelligence capabilities to mitigate network security risks. By managing key security functions on a single platform, we deliver network security at significant cost savings.

Firewall Software and Hardware Firewall solutions are both designed to block unauthorized access to computers in your network. A firewall software program is installed on each individual PC it’s meant to protect. To safeguard all your company’s computers, however, each one must have a software firewall installed. This can become expensive and difficult to maintain and support. But, a hardware-based firewall is easier to maintain and administer than individual software firewalls. It protect all the computers on your network.

Our firewall security solutions is Combined network and physical security for a more comprehensive approach that meets your needs and that allows you to add integrated protection from hackers, spam, malicious websites, identity theft.

we provide secure access to enable workers at home, at remote sites, or traveling to connect to your business safely and securely Secure storage that gives you the flexible capacity to protect and back up data, video, and images and also provide Physical protection to guard your business and your employees from theft, vandalism, and unlawful access.

Our firewall security solutions Key features:

  • Standard firewall capabilities: Packet filtering, network address translation (NAT), stateful protocol inspection, Virtual Private Networking
  • Integrated Network Intrusion Prevention (IPS)
  • Application Awareness and Control
  • Additional Intelligence: Directory integration to tie security policies to users and groups; cloud-based reputation services to stop traffic from dangerous sources
  • Real-time and historical visibility into user, network, and security activity

We are also providing UTM ( Unified threat management ) Firewall Solutions for SMB & Enterprices

Cloud or Premises-Based Managed Network Security Solutions Provider in Hyderabad

We design, configure, install, manage, monitor and maintain network security for your enterprise with cloud-based and customer premises equipment (CPE) delivery options. With IT Monteur Managed Network Security, you never have to worrying about outdated equipment, hardware failure and funding CAPEX investments. As a fully managed solution, we unburden IT staff from day-to-day security infrastructure management tasks and free up internal IT resources to focus on strategic initiatives that support the bottom line.

Managed Network Security Provider in Hyderabad

 

Managed Network Security Provider in Hyderabad

Managed Network Security Provider in Hyderabad

  • Firewall with customizable rules
  • Flexible delivery methods: CPE or Cloud-Based
  • Unified Threat Management
  • Intrusion Prevention with application intelligence to detect and prevent malicious traffic from gaining network access
  • Dedicated Security Operations Center that assists real time with changes
  • VPN IP SEC tunnels and remote user access
  • Immediate updates to security when new threats emerge
  • Application control
  • Anti-virus protection
  • Web content filtering
  • High availability
  • Secure Wi-Fi access
  • DMZ management
  • Customer logs available upon request
  • Weekly security reporting

Please Contact us for all type of Cisco Firewall, Watch Guard Firewall, Fortigate Firewall , Cyberoam Firewall security solutions. We provide support for setup of Virtual Private Network ( VPN ), Branch Office VPN and VPN Management Services.

Cisco Firewall, Watch Guard Firewall, Fortigate Firewall, Cyberoam Firewall, Firewall companies in India, Firewall company India, firewall installation company in delhi, firewall solutions, hardware based firewall provider, network firewall India

For more details on Firewall security solutions & Support in in Hyderabad

Please Call us on

Sales :+91 958 290 7788 | Support : 0120 2631048

Read More »