
Patch takeover: App developers, like WordPress, left to weigh backlash of forced security updates

By Bradley Barth for SC Media
Friday, October 30, 2020

In an uncommon move, WordPress developers earlier this month automatically pushed an important security update for the popular Loginizer plug-in to roughly 1 million people, which caught some unsuspecting users off-guard in the process.

“I think users should be grateful to WordPress for taking care of their website security,” agreed Ilia Kolochenko, founder and CEO of ImmuniWeb. “Given the critical risk of the vulnerability and the ease of exploitation, unpatched plug-ins are a major risk not only for careless website owners but for the integrity of their website visitors, whose confidential data and PII may be stolen and then sold or exploited.”

“Furthermore, attackers can likewise install a sophisticated malware on the compromised website and infect visitors’ computers or mobile devices with a ransomware.”

Kolochenko went so far as to say such forced updates should be made on a regular basis for WordPress’s popular plugins.

Of course, there are potential pitfalls to such a strategy.

