Critical vulnerabilities in WordPress plugins – November 2021



To ensure that your WordPress website is secure and stays that way, you need to have a security plugin.

One reason is that they report regularly on critical vulnerabilities of plugins you might use.

There are a few available, although my preference goes to Wordfence.


The Wordfence Threat Intelligence team has found these vulnerabilities so far:

Site Deletion Vulnerability in Hashthemes Plugin

A plugin installed on over 7,000 sites.

A vulnerability in a Hashthemes plugin which could completely reset a website, permanently destroying all site content.

Update to the latest version available as soon as possible.


Vulnerabilities in the OptinMonster plugin

A plugin installed on over a million sites.

These flaws made it possible for an unauthenticated attacker, meaning any site visitor, to export sensitive information and add malicious JavaScript to WordPress sites, among many other actions.

Make sure your site has been updated to the latest version of OptinMonster.


A vulnerability in NextScripts: Social Networks Auto-Poster

A plugin installed on over 100,000 sites.

This vulnerability could let an attacker take over a site by hijacking an administrator session.

Update to the latest version of the plugin.


A vulnerability in WP DSGVO Tools (GDPR)

A flaw that allowed unauthenticated attackers to completely and permanently delete arbitrary posts and pages on a website.

A patched version, which included a fix for both this issue and a separate XSS vulnerability, was made available.


A vulnerability in the “Starter Templates — Elementor, Gutenberg & Beaver Builder Templates” plugin

A WordPress plugin installed on over a million sites.

This vulnerability allows lower-privileged users, such as Contributors, to overwrite existing posts and pages with arbitrary blocks containing malicious JavaScript.

Update to the latest available version of the plugin immediately.


A vulnerability in Preview E-mails for WooCommerce, a WordPress plugin that is an extension for WooCommerce

A plugin installed on over 20,000 sites.

This flaw made it possible for an attacker to inject malicious JavaScript into a page that would execute if the attacker successfully tricked a site’s administrator into performing an action like clicking on a link.

Update to the latest patched version available.


All the best,

Luc
