This WordPress Plugin May Have Exposed Websites To Hacks

Is your company’s website built around WordPress? It wouldn’t be much of a surprise if that were the case. As the most popular content management platform on the web, WordPress powers tens of millions of sites, both personal and business.

One of the things that makes WordPress so attractive is how easy it is to customize. Thousands of plugins from a wide range of third-party vendors and developers can change the software or extend its capabilities, making it possible to do just about anything.

One of the more popular WordPress plugins is one called “Responsive Menu.” As the name suggests, its purpose is to let administrators create W3C-compliant, mobile-ready site menus. Depending on what type of device a visitor is browsing from, the menu needs to render differently in order to display efficiently and respond to the user’s clicks or taps. The Responsive Menu plugin makes that happen.

Unfortunately, popular, genuinely useful plugins are frequent targets for hackers. In this case, security researchers on the Wordfence Threat Intelligence team found three different vulnerabilities in the plugin, along with some evidence that hackers knew about them and had been using them in the wild to gain control over sites running Responsive Menu.

All three flaws are rated as critical and all three ultimately allow a hacker to gain complete control over a site running the plugin.

The good news is that the company behind the plugin responded quickly and released a patched version that addresses the security issues. Unfortunately, that only helps users who actually update their plugins. Based on current estimates, more than 50,000 websites are still running an older version of the plugin that leaves them vulnerable.

The version you want to be on is 4.0.4, which contains the fix. If you’re running anything earlier than that, upgrade as soon as possible.
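If you manage more than one site, it is worth scripting the check rather than clicking through each dashboard. The script below is an added example, not code from this page, from Wordfence or from the plugin’s vendor. It assumes WP-CLI is installed on the server and that the plugin’s slug is `responsive-menu` (confirm with `wp plugin list` on your own install); the fixed version, 4.0.4, is the one named above. Note that a naive string comparison would call 4.0.10 “older” than 4.0.4, so the version comparison is done numerically, field by field.

```shell
#!/bin/sh
# Added example: check whether the installed Responsive Menu plugin is older
# than the patched release. Assumes WP-CLI is installed and that the plugin's
# slug is "responsive-menu" (an assumption; verify with `wp plugin list`).

FIXED_VERSION="4.0.4"          # first patched release, per the article
PLUGIN_SLUG="responsive-menu"  # assumed slug

# version_lt A B  ->  exit status 0 when A is older than B.
# Compares dotted versions numerically, one field at a time, so that
# 4.0.10 is newer than 4.0.4 and 4 is older than 4.0.4.
# A trailing non-numeric suffix in a field (e.g. "4-beta") is ignored.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        ax="${ax%%[!0-9]*}"; bx="${bx%%[!0-9]*}"   # strip "-beta" etc.
        [ -z "$ax" ] && ax=0
        [ -z "$bx" ] && bx=0
        if [ "$ax" -lt "$bx" ]; then return 0; fi
        if [ "$ax" -gt "$bx" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 1   # equal, so not "less than"
}

# Query the installed version with WP-CLI and report. Exit status:
# 0 = patched or not installed, 2 = vulnerable version present.
check_responsive_menu() {
    installed="$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null)" || {
        echo "$PLUGIN_SLUG is not installed on this site"
        return 0
    }
    if version_lt "$installed" "$FIXED_VERSION"; then
        echo "VULNERABLE: $PLUGIN_SLUG $installed is older than $FIXED_VERSION"
        echo "Fix with: wp plugin update $PLUGIN_SLUG"
        return 2
    fi
    echo "OK: $PLUGIN_SLUG $installed is at or above $FIXED_VERSION"
    return 0
}

# Only run the live check when WP-CLI is actually available.
if command -v wp >/dev/null 2>&1; then
    check_responsive_menu
fi
```

Run it from the WordPress root of each site (or pass `--path=/var/www/site` to the `wp` calls); a non-zero exit status makes it easy to wire into a cron job or a fleet-wide inventory script.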