400,000 WordPress Sites at Risk from SQL Injection Vulnerability in Ally WordPress Plugin

Subscribe To Wordfence Security News Podcast:
https://www.youtube.com/playlist?list=PL1tmvSub1Gq577ZAHXWRyjUW3TAU8lQKW

Full Story: https://www.wordfence.com/blog/2026/03/30000-wordpress-sites-affected-by-authentication-bypass-vulnerability-in-tutor-lms-pro-wordpress-plugin/

More WordPress Security News: https://www.wordfence.com/news/
Join The Wordfence Newsletter:
https://www.wordfence.com/subscribe-to-the-wordfence-email-list/
🛡️ Get Wordfence: https://www.wordfence.com/products/pricing/
⭐ Wordfence is Trusted by over 5 Million Websites

A serious unauthenticated SQL injection vulnerability has been disclosed in the Ally WordPress plugin, potentially exposing hundreds of thousands of websites to attack.

This flaw could allow threat actors to extract sensitive database information — including password hashes — without needing to log in. That means full data exposure could be just a single exploit away.

👉 If you’re running Ally, update to version 4.1.0 or later immediately.

In this short clip from Wordfence Security News, we break down what this vulnerability means, how attackers could abuse it, and what you need to do right now to stay protected.

⸻

🔐 Key Takeaways:
• Unauthenticated SQL injection vulnerability
• Affects 400,000+ WordPress sites
• Risk of sensitive data exposure (including credentials)
• Immediate patch available (v4.1.0+)

Read The Full Story On The Wordfence Blog: https://www.wordfence.com/blog/2026/03/400000-wordpress-sites-affected-by-unauthenticated-sql-injection-vulnerability-in-ally-wordpress-plugin/

Subscribe To The Wordfence Security News Weekly Podcast:
https://www.youtube.com/playlist?list=PL1tmvSub1Gq577ZAHXWRyjUW3TAU8lQKW
Stay informed and secure: read the full details and expert analysis on the Wordfence blog:

https://www.wordfence.com/blog/

🔗 Get Wordfence today: https://www.wordfence.com/
🔐 Learn more about WordPress security: https://www.wordfence.com/learn/

#allyplugin #sqlinjection #WordPressSecurity #Wordfence #WordPressPlugin #websecurity #cybersecurity #WordPressVulnerability #allywordpressplugin

===== Protect Your Site With Wordfence =====

✅ Get Wordfence Free: https://www.wordfence.com/products/wordfence-free/
✅ Get Wordfence Premium: https://www.wordfence.com/products/wordfence-premium/
✅ Get Wordfence Care: https://www.wordfence.com/products/wordfence-care/
✅ Get Wordfence Response: https://www.wordfence.com/products/wordfence-response/

📝 Wordfence Audit Log:
All premium Wordfence plans include access to the Wordfence Audit Log -- capturing, securely storing, and protecting important security events for forensic analysis.

🔵 Connect Your Sites To Wordfence Central:
https://www.wordfence.com/help/central/
Manage all your WordPress sites from one centralized dashboard.

💸 Want to earn money promoting Wordfence? Join the Wordfence Affiliate Program:
👉 Learn more: https://www.youtube.com/watch?v=t4REbBmcuWQ
👉 Join: https://www.wordfence.com/affiliate

🐞 Earn money via our Bug Bounty Program:
Find vulnerabilities in WordPress plugins and themes and get rewarded!
👉 Join: https://www.wordfence.com/refer/youtube

Join the WordPress Security discussion on Reddit in r/wordfence:
https://www.reddit.com/r/wordfence/

🗒️ Full Transcript: An unauthenticated SQL injection vulnerability was disclosed in the Ally WordPress plugin, which is installed on more than four hundred thousand sites. That flaw could allow threat actors to extract sensitive data, like password hashes, from a site's database without logging in. Upgrade to 4.1.0 or later as soon as possible.

Видео 400,000 WordPress Sites at Risk from SQL Injection Vulnerability in Ally WordPress Plugin канала Wordfence