PTA Issues Security Alert on WordPress Plugin Vulnerability
The Pakistan Telecommunication Authority (PTA) has issued a cybersecurity advisory highlighting a critical vulnerability in the WP Tools plugin for WordPress, urging immediate action from users and administrators. The vulnerability, identified as CVE-2022-43453, impacts version 3.41 of the plugin and allows remote attackers to bypass access controls due to an authorization flaw, posing serious security risks.
The PTA stated that the high-severity vulnerability can be exploited through specially crafted requests, potentially enabling attackers to compromise affected systems. In its advisory, the PTA called on WordPress users and administrators to promptly update to the latest version of the plugin available in the WordPress Plugin Directory to address the threat.
The authority also emphasized the importance of maintaining updated systems and regularly applying security patches as a preventative measure against known vulnerabilities. Users were encouraged to report any cybersecurity incidents through the PTA’s CERT Portal or the provided email address to enable a coordinated response and strengthen collective cybersecurity defenses.