Over 1 Million Sites Affected by Gutenberg Template Library & Redux Framework Vulnerabilities
https://www.wordfence.comOn August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed on over 1 million WordPress sites. One vulnerability allowed users with lower permissions, such as contributors, to install and activate arbitrary plugins and delete any post or page via the REST API. A second vulnerability allowed unauthenticated attackers to access potentially sensitive information about a site’s configuration.
We strongly recommend that all users update to the latest version of the plugin, 4.2.14 as of this writing, as soon as possible.