In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of  WordPress’ update_option() function. This function is used to update a named option/value in the options database table. If developers do not implement the permission flow correctly, attackers can gain admin access or inject arbitrary data into any website.

Note: The WordPress update_option() function cannot be used maliciously if the developer correctly implements it in their code.

Continue reading Misuse of WordPress update_option() function Leads to Website Infections at Sucuri Blog.

Via Sucuri.net