· Design My Website · Security · 1 min read
1 Million WordPress sites are affected by this!
Wordfence found two flaws in the Redux Framework plugin used on over 1 million WordPress sites. See what was affected and how Wordfence protects your site.

“On August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed on over 1 million WordPress sites. One vulnerability allowed users with lower permissions, such as contributors, to install and activate arbitrary plugins and delete any post or page via the REST API. A second vulnerability allowed unauthenticated attackers to access potentially sensitive information about a site’s configuration.
The plugin’s publisher, Redux.io, replied almost immediately to our initial contact and we provided full disclosure the same day, on August 3, 2021. A patched version of the plugin, 4.2.13, was released on August 11, 2021.
Wordfence Premium users received a firewall rule to protect against the vulnerability targeting the REST API on August 3, 2021. Sites still running the free version of Wordfence will receive the same protection after 30 days, on September 2, 2021.” Source: Wordfence
Find out more about this vulnerability and how you can use Wordfence to protect your website.
All of the Design My Website maintenance plans come with a free install of Wordfence.
About the author
Tommy O'Shea
Tommy owns and runs Design My Website, a web design studio in Kilcummin, Co. Kerry. He has built and maintained over 100 websites for businesses across Kerry, Cork and Ireland over the last 13 years.


