Security vulnerabilities in MalCare (1)


  • Possible site takeover through stolen API credentials in combination with SQLi – (MalCare <= 5.09)

    Affected plugin: MalCare
    Active installs: 300,000+
    Vulnerable version: <= 5.0.9
    Audited version: 4.97 / 5.0.9
    Fully patched version: 5.16
    Recommended remediation: Removal of the plugin

    Description: MalCare uses broken cryptography to authenticate API requests from its remote servers to connected WordPress sites. Requests are authenticated by comparing a shared secret stored as plaintext in the…