WordPress Woes: SeedProd Plugin Flaw Leaves 900K Sites Hackable

In a digital pickle, nearly a million WordPress sites risked a content caper due to a pesky plugin flaw. Time to patch up, web wizards!

Hot Take:

What’s the deal with WordPress plugins acting like the insecure friend at a party who just can’t stop oversharing? This time, it’s the Website Builder plugin by SeedProd that’s spilling the digital beans, letting hackers scribble all over unsuspecting websites. I mean, if your website’s “coming soon” page suddenly starts selling knockoff sunglasses, you’ve probably been hit. With the issue patched faster than you can say “update now,” let’s take a peek at what turned nearly a million websites into potential hacker playgrounds.

Key Points:

  • Nearly a million WordPress websites were left hanging in the cybersecurity wind due to a flaw in the Website Builder plugin by SeedProd.
  • Naughty hackers could waltz in and modify your “coming soon” page to announce the second coming of dial-up internet.
  • The vulnerability, known as CVE-2024-1072, scored an 8.2/10 on the “Oh No!” scale, officially classed as a “high risk” flaw.
  • SeedProd played superhero and patched the issue quicker than you can spell “vulnerability,” urging all users to update to version 6.15.22.
  • Admins everywhere are reminded to keep their plugins updated unless they want their websites to host unexpected cyber parties.

CVE ID: CVE-2024-1072
CVE state: PUBLISHED
CVE assigner short name: Wordfence
CVE date updated: 02/05/2024
CVE description: The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23.
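
An added example, not part of the original article or SeedProd's code: a small Python triage that sorts `wp plugin list --format=json` output from several sites into the three version ranges the CVE description gives (vulnerable, fixed but with the admin-page bug, recommended). The site names, version strings and the `SLUG` value are constructed placeholders; substitute the plugin's slug as WP-CLI reports it on your sites.

```python
import json
import re

# Boundaries from the CVE-2024-1072 description quoted on this page.
FIRST_FIXED = (6, 15, 22)   # fixes the flaw but has the admin-page bug
RECOMMENDED = (6, 15, 23)   # version the CVE record suggests

def parse_version(text):
    """'6.15.9' -> (6, 15, 9); numeric, so 6.15.9 sorts below 6.15.21."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts + [0] * (3 - len(parts)))

def classify(version_text):
    """Map an installed version onto the ranges in the CVE description."""
    v = parse_version(version_text)
    if v < FIRST_FIXED:
        return "vulnerable"
    if v < RECOMMENDED:
        return "fixed-but-buggy"
    return "ok"

def triage_fleet(fleet, slug):
    """fleet maps site -> JSON text from `wp plugin list --format=json`."""
    report = {}
    for site, raw in fleet.items():
        match = [p for p in json.loads(raw) if p.get("name") == slug]
        report[site] = classify(match[0]["version"]) if match else "not-installed"
    return report

# Constructed sample data; SLUG is a placeholder, not the plugin's real slug.
SLUG = "example-seedprod-slug"
SAMPLE_FLEET = {
    "a.example": json.dumps([{"name": SLUG, "status": "active", "version": "6.15.9"}]),
    "b.example": json.dumps([{"name": SLUG, "status": "active", "version": "6.15.22"}]),
    "c.example": json.dumps([{"name": SLUG, "status": "inactive", "version": "6.15.23"}]),
    "d.example": json.dumps([{"name": "other-plugin", "status": "active", "version": "1.0"}]),
}

if __name__ == "__main__":
    for site, verdict in triage_fleet(SAMPLE_FLEET, SLUG).items():
        print(f"{site}: {verdict}")
```

Comparing the version strings directly would rank "6.15.9" above "6.15.22" and miss the vulnerable site, which is why the versions are parsed into integer tuples first.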

Need to know more?

Plugin Pandemonium

Imagine leaving your front door unlocked and wondering why you have uninvited guests. That's what happened to WordPress websites using a plugin that might as well have rolled out the red carpet for hackers. The Website Builder by SeedProd, boasting over 900,000 installations, had a flaw that was like saying "Hack me, please!" to anyone with a keyboard and too much time on their hands.

Patch It Like It's Hot

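But fear not, for SeedProd wasn't having any of it. They slapped on a patch faster than a digital Band-Aid and upped the plugin to version 6.15.22. The message to all the WordPress users was clear: Update or risk turning your website into a digital doodle board. One wrinkle, per the CVE record: 6.15.22 fixes the flaw but introduces a bug affecting admin pages, so 6.15.23 is the version to aim for.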

Why WordPress Wins But Also Loses

WordPress is the king of the website builders, powering a whopping 43% of the web. It's like the popular kid in school – everyone wants a piece. The platform itself is Fort Knox-level secure, with fewer than 1% of vulnerabilities targeting the core platform itself. The plugins, though? They're the Achilles heel, with many being the neglected brainchildren of solo devs, ripe for exploitation by cyber miscreants.

Update or Bust

The lesson here is as old as time (or at least as old as the internet): Keep your stuff updated. WordPress admins, consider this your friendly reminder to update those plugins unless you enjoy the thrill of cyber roulette. Remember, an outdated plugin is like a "Kick Me" sign for your website, and hackers have a strong kicking game.

Signing Off

And there you have it, folks. If you're running a WordPress site, maybe take a break from picking the perfect emoji for your next post and check those plugins. It's a wild web world out there, and you don't want your website to be the next wall of shame in the hackers' hall of fame. Stay safe, stay updated, and keep those digital doors locked tight!
