Critical vulnerabilities in WordPress plugins – September 2021


To ensure that your WordPress website is secure and stays that way, you need a security plugin.

One reason is that they regularly report on critical vulnerabilities in plugins you may be using.

There are a few available, although my preference goes to Wordfence.


So far this month, the Wordfence Threat Intelligence team has reported these vulnerabilities:

Authentication Bypass Vulnerability Patched in Booster for WooCommerce

A WordPress plugin installed on over 80,000 sites.

This vulnerability allows an attacker to gain administrator access to a WordPress site: they initiate an email verification request for the admin account, craft the verification URL themselves instead of receiving it by email, and use that URL to be logged in automatically as the site admin.
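The lesson behind that bug class is that a verification link is only as strong as the secret in it. The post does not say how the plugin built its verification code, so the "weak" scheme below is a constructed, hypothetical stand-in for the general problem (a code that can be recomputed from values the attacker already knows), placed beside a hardened pattern. This is added illustration code, not Booster for WooCommerce's code; every function name in it is my own.

```python
"""Constructed example: forgeable vs. unforgeable account-verification links.

Added to this post for illustration; not the plugin's code. The weak scheme is
hypothetical and only shows the bug class the advisory describes: if the code
in the link is derived purely from public inputs, the attacker can build the
link without ever seeing the email.
"""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple


# --- Weak (hypothetical) scheme ---------------------------------------------
def weak_code(user_id: int, ts: int) -> str:
    """Verification code computed only from public inputs, no server secret."""
    return hashlib.md5(f"{user_id}:{ts}".encode()).hexdigest()


def weak_verify(user_id: int, ts: int, code: str) -> bool:
    """Server side: recomputes the code, which anyone else can do as well."""
    return hmac.compare_digest(weak_code(user_id, ts), code)


def forge_weak_link(admin_user_id: int) -> dict:
    """Attacker never received an email; they assemble the link themselves."""
    ts = int(time.time())
    return {"user": admin_user_id, "ts": ts, "code": weak_code(admin_user_id, ts)}


# --- Hardened scheme ----------------------------------------------------------
class VerificationStore:
    """Random token, only its hash stored server-side, short expiry, single use."""

    TTL_SECONDS = 15 * 60

    def __init__(self) -> None:
        # user_id -> (sha256(token), expires_at)
        self._pending: Dict[int, Tuple[str, float]] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: int, now: Optional[float] = None) -> str:
        """Return the token to place in the emailed link; store only its hash."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[user_id] = (self._digest(token), now + self.TTL_SECONDS)
        return token

    def redeem(self, user_id: int, token: str, now: Optional[float] = None) -> bool:
        """True exactly once for the real token, within its lifetime."""
        now = time.time() if now is None else now
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        stored_digest, expires_at = entry
        if now > expires_at:
            del self._pending[user_id]
            return False
        if not hmac.compare_digest(stored_digest, self._digest(token)):
            return False
        del self._pending[user_id]  # single use: a replayed link fails
        return True


if __name__ == "__main__":
    forged = forge_weak_link(admin_user_id=1)
    print("weak scheme accepts attacker-built link:", weak_verify(**{"user_id": forged["user"], "ts": forged["ts"], "code": forged["code"]}))
    store = VerificationStore()
    real = store.issue(user_id=1)
    print("hardened scheme accepts guessed token:", store.redeem(1, "not-the-token"))
    print("hardened scheme accepts emailed token:", store.redeem(1, real))
    print("hardened scheme accepts replay:", store.redeem(1, real))
```

The point of the hardened version is that nothing in the URL can be derived from the user ID, the time, or anything else the attacker can look up: the token comes from the CSPRNG, the database holds only its hash (so a read-only database leak does not hand out live links), it expires, and it works once.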

They strongly recommend updating immediately to the latest patched version of Booster for WooCommerce, which is version 5.4.4.

Read full details

Nested Pages Patches Post Deletion Vulnerability

A WordPress plugin installed on over 80,000 sites.

Wordfence found two vulnerabilities: a Cross-Site Request Forgery (CSRF) vulnerability that allowed posts and pages to be deleted, unpublished or reassigned to a different author in bulk, and a separate open redirect vulnerability.

They strongly recommend updating to the latest patched version of Nested Pages to ensure your site is protected against exploits targeting these vulnerabilities.

Read full details

Gutenberg Template Library & Redux Framework Vulnerabilities

A plugin installed on over 1 million websites.

The Gutenberg Template Library & Redux Framework plugin allows site owners to add blocks and block templates to extend the functionality of a site by choosing them from a library. In order to do this, it uses the WordPress REST API to process requests to list and install blocks, manage existing blocks, and more.

One vulnerability allowed users with lower permissions, such as contributors, to install and activate arbitrary plugins and delete any post or page via the REST API. A second vulnerability allowed unauthenticated attackers to access potentially sensitive information about a site’s configuration.

They strongly recommend that all users update to the latest version of the plugin, 4.2.14.

Read full details
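If you manage more than one site, a quick way to check whether any of them is still on a vulnerable release is to compare `wp plugin list --format=json` (WP-CLI) against the minimum patched versions named above. The script below is an added example, not something from the post or from Wordfence. It embeds a constructed sample of WP-CLI output so it runs offline; the plugin slugs in it are the wordpress.org directory slugs as I know them and are assumptions you should confirm against your own `wp plugin list` output. The post gives no patched version for Nested Pages, so that plugin is deliberately not in the table.

```python
"""Added example (not from the post or Wordfence): flag installed plugins that
are older than the minimum patched versions stated in this post.

Usage: wp plugin list --format=json | python check_plugins.py
With no input on stdin it runs against the constructed sample below.
"""
import json
import sys
from typing import Dict, List, Tuple

# Minimum fixed versions as stated in the post. Slugs are ASSUMED
# wordpress.org directory slugs; verify them against `wp plugin list`.
MIN_PATCHED: Dict[str, str] = {
    "woocommerce-jetpack": "5.4.4",  # Booster for WooCommerce (assumed slug)
    "redux-framework": "4.2.14",     # Gutenberg Template Library & Redux Framework (assumed slug)
}

# Constructed sample shaped like `wp plugin list --format=json` output.
SAMPLE_WP_PLUGIN_LIST = json.dumps([
    {"name": "woocommerce-jetpack", "status": "active", "update": "available", "version": "5.4.3"},
    {"name": "redux-framework", "status": "active", "update": "none", "version": "4.2.14"},
    {"name": "wp-nested-pages", "status": "inactive", "update": "none", "version": "3.1.15"},
])


def version_tuple(v: str) -> Tuple[int, ...]:
    """'5.4.4' -> (5, 4, 4). Leading digits of each part only, so '1.0-beta' -> (1, 0)."""
    out = []
    for part in v.split("."):
        num = ""
        for ch in part:
            if not ch.isdigit():
                break
            num += ch
        out.append(int(num) if num else 0)
    return tuple(out)


def is_older(installed: str, fixed: str) -> bool:
    """True when `installed` sorts strictly below `fixed` (missing parts count as 0)."""
    a, b = version_tuple(installed), version_tuple(fixed)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a < b


def vulnerable_plugins(wp_plugin_list_json: str, min_patched: Dict[str, str] = MIN_PATCHED) -> List[dict]:
    """Return one finding per installed plugin that is below its minimum patched version.

    Inactive plugins are reported too: the code is still on disk, and the safe
    move is to update or remove it rather than rely on it staying inactive.
    """
    findings = []
    for plugin in json.loads(wp_plugin_list_json):
        fixed = min_patched.get(plugin["name"])
        if fixed is not None and is_older(plugin["version"], fixed):
            findings.append({
                "name": plugin["name"],
                "installed": plugin["version"],
                "fixed_in": fixed,
                "status": plugin["status"],
            })
    return findings


if __name__ == "__main__":
    data = SAMPLE_WP_PLUGIN_LIST if sys.stdin.isatty() else sys.stdin.read()
    for f in vulnerable_plugins(data):
        print(f"{f['name']}: installed {f['installed']} ({f['status']}), fixed in {f['fixed_in']}")
```

Run it per site from a cron job or your deployment pipeline and extend `MIN_PATCHED` as each month's advisories come in; Wordfence's own scanner does this continuously, but the script is useful for hosts that do not run a security plugin on every site.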

All the best,

Luc

Thank you for your time. All you have to do now is click one of the buttons below to share with people you know or leave a comment. I thank you if you do 🙂
