This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of risk to our clients, and keeping you updated here is part of that process.
List of Vulnerable Plugins, March 2021
[visualizer id=”22079″ lazy=”no” class=””]
Plugins Removed From WordPress Repository
[visualizer id=”22083″ lazy=”no” class=””]
WordPress security team decides to close a plugin when a security issue is found and the developer doesn’t release a patch in a timely manner. You can read more about this here. If you are using one or more of the above plugins we recommend deactivating them until the developer releases a patch for the mentioned vulnerability or consider a more reliable alternative.
Relevant Vulnerabilities
| ht-slider-for-elementor: | Arbitrary Post Creation |
This month we found and reported a medium severity vulnerability in this plugin affecting versions <= 1.2.3. If exploited, any unauthenticated attacker would be able to create arbitrary posts in the vulnerable site.
| Multiple thrive plugins and themes: | Option Update and File Upload |
Over 100,000 websites were exposed to this vulnerability. All Pagely customers using these plugins were patched the same day this vulnerability was made public.