
Jan 9, 2014

WordPress Vulnerability, Versions 3.7.1/3.8: The “Fix” Is In!

As an industry-leading technology and hosting Company with a standing reputation for incomparable customer service, NewtekOne remains deeply committed to keeping the industry updated on breaking cyber security news and prevention. It is no secret that 1 of every 4 new websites is designed in simple-to-use, feature-rich WordPress. The platform’s popularity has also made its sites a top target for hackers. One of the top WordPress security mantras has become “update, update, and update,” meaning take the time to update versions and plugins to ensure site security is bolstered. Outdated plugins are key entry points for hackers.

Unfortunately, WordPress users have found themselves in something of a cyber Catch-22. Older versions, of course, are vulnerable by definition. However, the newest WordPress versions, 3.7.1/3.8, contain a vulnerability that leaves them equally exposed, and the platform has yet to offer a suitable fix. Here’s the latest from SCIP.com (we recommend that you finish this article, for a solution):

“A vulnerability was found in WordPress 3.7.1/3.8. It has been rated as critical. This issue affects an unknown function of the file wp-admin/options-writing.php of the component Credentials Handler. The manipulation with an unknown input leads to an information disclosure vulnerability. Impacted is confidentiality, integrity, and availability. The weakness was disclosed 12/16/2013 by MustLive as Information Leakage and Backdoor vulnerabilities in WordPress as mailinglist post (Full-Disclosure). The advisory is shared for download at seclists.org. The public release happened without involvement of the project team. The exploitability is known to be difficult. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation … There is no information about possible countermeasures known … The vulnerability is also documented in the vulnerability database at OSVDB (101101). websecurity.com.ua is providing further details.”

NewtekOne has learned that the best measure in such circumstances is not to take the passive position, waiting for someone else to figure out what to do. Instead, knowing that both our clients (and the public) are at risk, the best action is to find a solution. Or in some cases, build one, if need be.

So, without further ado, your solution: Download the Cyber Security Shield. Our NewtekOne development and server operations teams have thoroughly tested it. Not only does it protect against this particular vulnerability, but against thousands of other potential threats as well. In our opinion, this is a fantastic, reliable product. Moreover, the Company also offers a FREE scanner, to see if you have any current vulnerability, besides those already mentioned.

What about Cyber Security for non-WordPress websites? Generally speaking, keeping updates current, regularly changing passwords, a good anti-virus, and a solid firewall make for a solid foundation. However, for small businesses or even individuals, the pain, aggravation, and potential fiscal annihilation associated with being victimized are more than anyone would care to endure. Alas, sometimes it happens, even to the best. It has even happened to tech giant Apple. And it cost them a pretty penny.

So what to do? Did you know there is such a thing as cyber insurance? It is ideal for just about any business with a website. And yes, it is just as important for those institutions that do not even subsist through ecommerce. You have a website – you and your customers are vulnerable. That’s just a cold, hard fact. Many do not realize that most general liability/business insurance policies do not cover damages associated with cybercrime. The good news is that cyber insurance does cover it, and so far, it is quite affordable to procure an extensive policy. As usual, NewtekOne has you covered.
Click here to learn more, or contact cyber security insurance specialist Ali Lunsford directly via email at alunsford@newtekone.com or by phone at 866-380-7007 x 11010.