“On August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed on over 1 million WordPress sites. One vulnerability allowed users with lower permissions, such as contributors, to install and activate arbitrary plugins and delete any post or page via the REST API. A second vulnerability allowed unauthenticated attackers to access potentially sensitive information about a site’s configuration.
The plugin’s publisher, Redux.io, replied almost immediately to our initial contact and we provided full disclosure the same day, on August 3, 2021. A patched version of the plugin, 4.2.13, was released on August 11, 2021.
Wordfence Premium users received a firewall rule to protect against the vulnerability targeting the REST API on August 3, 2021. Sites still running the free version of Wordfence will receive the same protection after 30 days, on September 2, 2021.” Source: Wordfence
Find out more about this vulnerability and how you can use Wordfence to protect your website.
All of the Design My Website maintenance plans come with a free install of Wordfence.
Contact us today for more details on our maintenance packages.