WP Umbrella Plugin Vulnerability Affects 30,000 Websites
/ 1 min read
A critical security vulnerability, identified as CVE-2024-12209, has been found in the WP Umbrella plugin, affecting over 30,000 websites. With a CVSS score of 9.8, this Local File Inclusion flaw allows unauthenticated attackers to gain complete control of affected sites by injecting malicious code. The vulnerability exists in all versions up to 2.17.0, and its exploitation could lead to severe consequences, including data breaches, website defacement, malware distribution, and complete server takeover. Website owners are urged to update to version 2.17.1, which includes a patch for the vulnerability, and to implement additional security measures such as regular backups, strong passwords, and web application firewalls to enhance protection.
