Welcome to the Monthly Software Bugs Digest, your one-stop shop for the latest information on some of the most major bugs in games, mobile apps, e-commerce, and other industries.
If you are interested in learning more about software defects and their impact on businesses worldwide, read on! In today’s episode, we are going to talk about ChatGPT, GTA, and WordPress plugins. Let’s go!
CNET is reviewing its AI-written articles after receiving an alert of serious errors
We are kicking off our digest with the hottest topic in the software industry — ChatGPT. Yes, we know you are probably tired of reading how revolutionary this thing is, but today we want to highlight another side of the coin. Putting your trust in AI without fact-checking can be dangerous.
CNET, a well-known tech and finance news publisher, is reviewing its AI-written articles after being notified of serious errors.
According to the research conducted by the popular media resource Futurism, one of CNET’s articles called “What Is Compound Interest?” contains a handful of misinformation. The AI wrote that “you’ll earn $10,300 at the end of the first year” — instead of just $300 — if you deposit $10,000 into an account that earns 3 percent interest compounding annually. The AI also made errors in explaining loan interest rate payments and certificates of deposit or CDs.
The article was edited, and the mistakes were corrected. However, the lesson should be learned — do not blindly trust AI, always double-check the facts.
By the way, have you seen how easy it is to trick the machine? This technology is still young and will take years to evolve and get all the jokes.
Hackers exploit a bug in the WordPress gift card plugin with 50 thousand installs
Hackers are exploiting YITH WooCommerce Gift Cards Premium, a popular gift card plugin used by over 50k WordPress websites. It’s utilized by website operators to sell gift cards in their online stores and needs authentication to post any new updates.
The vulnerability allows unauthenticated people to remotely upload files to the related sites and manage them with near-admin access. Researchers noted that hackers could set web shells (like backdoors) to provide themselves full access to the vulnerable area.
Observing the rise of such attacks, the maker of the plug-in has released a patched version, 3.21.0, and asked users to update it. Yet, a number of sites are still running on the insecure 3.19 and 3.20 versions of this plugin, keeping them at risk.
GTA Online bug exploited to ban corrupt players’ accounts
One of the most popular games ever, Grand Theft Auto (GTA), is making the news again. This time, players report losing game progress, in-game money thefts, and bans from game servers.
GTA Online issue revolves around “partial remote code execution”. That means malicious users can affect players’ PCs through GTA Online. There’s some good news here — it affects only PC players, not those on Xbox or PlayStation consoles.
According to the user reports, the exploit can impact even players not in the same multiplayer lobby as the attackers. So anyone, as long as they’re online, is susceptible to attacks.
Rockstar has acknowledged the issue on Twitter, saying, “we are aware of potential new exploits in GTA Online for PC, which we aim to resolve in an upcoming planned security-related Title Update.”
We hope this issue will be eliminated soon and that all players can enjoy their favorite game without fear.
WordPress plugin flaw affects 75 thousand sites
The WordPress online course plugin ‘LearnPress’ was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion.
LearnPress is a learning management system plugin that allows WordPress websites to create and sell online courses, lessons, and quizzes. It does not require coding knowledge to develop and provides visitors with a friendly interface.
The vulnerabilities in the plugin were fixed in December last year with the release of LearnPress version 4.2.0. However, according to WordPress.org stats, only about 25% have applied the update.
This means roughly 75,000 websites could be using a vulnerable version of LearnPress, exposing themselves to severe security flaws.
That is it for the January bug digest. Stay safe out there, and remember that checking your software is crucial for the long-term success of your business.
If you are looking for an independent testing provider to ensure the quality of your software, contact us for a customized approach to your QA needs.