We're reaching out to you today to ensure that you are up to date regarding the latest security issues that may be affecting your website. Keeping our community safe and educated is of great importance to us.
The attack vector used to exploit this vulnerability requires the attacker to have an account on the victim's site. It doesn't matter what the account privileges are – for example, a subscriber could exploit this issue. The issue occurs because the plugin doesn't escape parameters provided by its shortcodes before concatenating it to an SQL query.
A malicious individual using this bug could (among other things) leak the site's usernames and hashed passwords. In certain configurations, it can also leak WordPress secret keys.
Websites behind the Sucuri Firewall have been protected against this threat
via our Virtual Hardening / Patching technology.
If you don't have our Website Application Firewall enabled, sign up now below!
This email does not mean you are affected!
Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it's important to research and report on all potential threats as quickly as possible.
Sincerely, - Your Sucuri Security Team
Sucuri Security 30141 Antelope RD Menifee, CA 92584
You received this email because you are subscribed to Marketing Information from Sucuri Security.