Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin Britetechs Companion Malicious Code (2.2.7) - Vulnerability Database

WordPress Plugin Britetechs Companion Malicious Code (2.2.7)

Description

WordPress Plugin Britetechs Companion contains malicous code. Exploiting this issue may allow an attacker to create a new administrative user account, thus compromising the affected application, and possibly the webserver or computer. WordPress Plugin Britetechs Companion version 2.2.7 is affected.

Remediation

Update to plugin version 2.2.8 or latest

References

https://www.wordfence.com/threat-intel/vulnerabilities/detail/several-wordpressorg-plugins-various-versions-injected-backdoor
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3109550%40britetechs-companion&old=3109493%40britetechs-companion&sfp_email=&sfph_mail=

Related Vulnerabilities

Apache httpOnly cookie disclosure Medium
Common tags: Missing Update
WordPress Plugin WP Bannerize 'ajax_clickcounter.php' SQL Injection (2.8.6) High
Common tags: Missing Update
WordPress Plugin WP-RecentComments 'page' Parameter Cross-Site Scripting (2.0.6) High
Common tags: Missing Update
WordPress Plugin WP Marketplace TimThumb Arbitrary File Upload (1.1.0) High
Common tags: Missing Update
WordPress Plugin WP Forum Server 'edit_post_id' Parameter SQL Injection (1.7) High
Common tags: Missing Update

Severity

High

Classification

CVE-2024-6297
CWE-506
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update