Critical vulnerabilities in WordPress plugins – November 2021
To ensure that your WordPress website is secure and stays that way, you need to have a security plugin.
One reason is that they report regularly on critical vulnerabilities of plugins you might use.
There are few available, although my preference goes to Wordfence.
Critical vulnerabilities in WordPress plugins – November 2021
The Wordfence Threat Intelligence team found sofar these vulnerabilities:
Site Deletion Vulnerability in Hashthemes Plugin
A plugin installed on over 7,000 sites.
A vulnerability in a Hashthemes plugin which could completely reset a website, permanently destroying all site content.
Update to the latest version available as soon as possible.
Vulnerabilities in the OptinMonster plugin
A plugin installed on over a million sites.
These flaws made it possible for an unauthenticated attacker, meaning any site visitor, to export sensitive information and add malicious JavaScript to WordPress sites, among many other actions.
Make sure your site has been updated to the latest version of OptinMonster
A vulnerability in NextScripts: Social Networks Auto-Posterer
A plugin installed on over 100,000 sites.
This vulnerability could take over a site by hijacking an administrator session.
Update to the latest version of the plugin.
A vulnerability in WP DSGVO Tools (GDPR)
A flaw that allowed unauthenticated attackers to completely and permanently delete arbitrary posts and pages on a website.
A patched version, which included a fix for both this issue and a separate XSS vulnerability, was made available.
A vulnerability in the “Starter Templates — Elementor, Gutenberg & Beaver Builder Templates” plugin
A WordPress plugin installed on over million sites.
Allows lower-privileged users, such as Contributors, to overwrite existing posts and pages with arbitrary blocks containing malicious JavaScript.
Update to the latest version of the plugin available immediately.
A vulnerability Preview E-mails for WooCommerce, a WordPress plugin that is an extension for WooCommerce.
A plugin installed over 20,000 sites.
This flaw made it possible for an attacker to inject malicious JavaScript into a page that would execute if the attacker successfully tricked a site’s administrator into performing an action like clicking on a link.
Update to the latest patched version available.
All the best,
Luc
Thank you for your time. All you have to do now is click one of the buttons below to share with people you know or leave a comment. I thank you if you do ?
About The Author
lucbizz
I’m Luc Dermul, a Belgian online entrepreneur living in “the big apple of Flanders” Antwerp