In this blog article, we discuss a recent discovery that has raised serious concerns about the security of over a million WordPress sites using the All-In-One Security (AIOS) plugin. Developed by Updraft, AIOS is a popular security plugin designed to protect websites from cyber threats. However, a critical flaw has been uncovered, exposing plaintext passwords from user login attempts. This poses a significant risk of unauthorized access to user accounts and the entire WordPress site. As a digital security experts, we will provide you with essential information and top safety measures to safeguard your WordPress site.
AIOS v5.1.9 was found to be storing plaintext passwords from user login attempts, violating security compliance standards and exposing user accounts to potential breaches.
Updraft acknowledged the issue as a "known bug" and promised a fix in the next release. Development builds were offered as a temporary solution but presented website issues and failed to remove password logs.
The Permanent Fix:
AIOS v5.2.0, released on July 11, addresses the vulnerability by preventing storage of plaintext passwords and purging old entries. The release announcement emphasizes the risk of password reuse on other services.
The Elevated Risks:
With over 750,000 sites still vulnerable, AIOS users need to update to version 5.2.0 to prevent potential breaches. The delayed response exposed users to exploitation during the three-week exposure period.
Neglected Communication: Updraft's lack of proactive communication leaves website owners and users vulnerable to further exploitation.
Top Cyber Security Measures:
The AIOS WordPress plugin vulnerability poses a significant threat to over a million websites. Armoryze encourages users to take immediate action by updating the plugin, resetting passwords, enabling 2FA and implementing WAF.
As a cybersecurity company, we offer industry-leading comprehensive cyber security solutions and services to fortify your digital infrastructure. Schedule a FREE consultation with our experts to assess your security needs and safeguard your valuable assets against potential breaches. Don't wait for cyber threats to strike — contact Armoryze now and ensure your website's protection.