Gutenberg Template Plugin Holes Put a Million WordPress Websites at Risk
Numerous websites are vulnerable due to two security holes in the WordPress plugin Gutenberg Template Library & Redux Framework. After a successful attack, attackers could install plugins containing malicious code or delete posts.
According to the plugin's page on the official WordPress plugin site, the software has over a million active installations. Among other things, it lets site owners manage and use templates for website design. Administrators should make sure that at least version 4.2.13 is installed: the developers state that this release closes the two vulnerabilities (CVE-2021-38312, rated "high", and CVE-2021-38314, rated "medium").
Due to insufficient permission checks on the plugin's WordPress REST API endpoints, an attacker with an author-level account could install any plugin from the WordPress repository. If the attacker uploads a plugin prepared with malicious code to the repository and installs it that way, this could lead to a takeover of the website.
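The root cause described above is a REST route whose permission callback does not match the privilege the route's action actually requires. The following PHP is an added illustrative example, not code from the Gutenberg Template Library & Redux Framework plugin or from Wordfence: the namespace `example/v1`, the route names and the handler `example_install_plugin` are hypothetical, and the weak `edit_posts` check in the "before" variant is only an illustration of the pattern (the article does not state which capability the plugin checked). The "after" variant gates the route on `install_plugins`, the capability WordPress core itself requires for plugin installation, validates the slug before using it, and re-checks the capability inside the handler.

```php
<?php
// Added example (not the plugin's own code): a custom REST route that installs
// a plugin from wordpress.org. The weak variant accepts any user who can edit
// posts, which every author can; the hardened variant requires install_plugins.

add_action( 'rest_api_init', function () {

    // BEFORE (weak, hypothetical): edit_posts is granted to authors and
    // contributors, so the caller's real privilege level is never enforced.
    register_rest_route( 'example/v1', '/install-weak', array(
        'methods'             => 'POST',
        'callback'            => 'example_install_plugin',
        'permission_callback' => function () {
            return current_user_can( 'edit_posts' );
        },
    ) );

    // AFTER (hardened): require the capability core uses for plugin
    // installation (administrator-only on a default single site) and
    // validate the slug before the handler ever sees it.
    register_rest_route( 'example/v1', '/install', array(
        'methods'             => 'POST',
        'callback'            => 'example_install_plugin',
        'permission_callback' => function () {
            return current_user_can( 'install_plugins' );
        },
        'args'                => array(
            'slug' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    // wordpress.org plugin slugs: lowercase letters, digits, hyphens
                    return is_string( $value ) && preg_match( '/^[a-z0-9-]+$/', $value ) === 1;
                },
            ),
        ),
    ) );
} );

function example_install_plugin( WP_REST_Request $request ) {
    // Defence in depth: re-check in the handler so the route registration is
    // not the only thing standing between a low-privileged user and an install.
    if ( ! current_user_can( 'install_plugins' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient capability.', array( 'status' => 403 ) );
    }

    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/file.php';

    $slug = sanitize_key( $request['slug'] );

    // Resolve the slug to a package URL via the wordpress.org API.
    $api = plugins_api( 'plugin_information', array(
        'slug'   => $slug,
        'fields' => array( 'sections' => false ),
    ) );
    if ( is_wp_error( $api ) ) {
        return $api;
    }

    // Install the package; the skin collects messages instead of echoing HTML.
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( is_wp_error( $result ) ) {
        return $result;
    }

    return rest_ensure_response( array( 'installed' => $slug ) );
}
```

The practical check when reviewing any plugin's REST routes is to compare each `permission_callback` with what the route does: a route that installs, activates or deletes anything must demand the same capability WordPress core would demand for that action in wp-admin (`install_plugins`, `activate_plugins`, `delete_others_posts` and so on), not merely prove that the caller is logged in or can edit posts.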
By successfully exploiting the second vulnerability, an attacker could gain access to site configuration information that should not be exposed. Wordfence, who discovered the vulnerabilities, state in a blog post that the plugin's developers released a security patch in less than a week.