Severe Vulnerabilities Patched in Simple 301 Redirects by BetterLinks Plugin

The Wordfence Threat Intelligence team reported several vulnerabilities they had discovered in Simple 301 Redirects by BetterLinks, a WordPress plugin installed on over 300,000 sites. One of these flaws made it possible for unauthenticated users to update the site's redirects, allowing an attacker to send all site traffic to an external malicious site. Several other flaws made it possible for authenticated users to perform actions such as installing and activating plugins, as well as less critical actions.

An initial patch was released on April 15, 2021, and a fully patched version of the plugin was released on May 5, 2021 as version 2.0.4.

Source: https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/

Over 600,000 Sites Impacted by WP Statistics Patch

The Wordfence Threat Intelligence team discovered and reported a vulnerability in WP Statistics, a plugin installed on over 600,000 WordPress sites.

The vulnerability allowed any site visitor to extract sensitive information from a site’s database via Time-Based Blind SQL Injection.

We received a response to our initial disclosure the same day, on March 13, 2021, and sent the full disclosure to the plugin’s developers at VeronaLabs. A patch for this vulnerability was released on March 25, 2021.

Source: https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/

Critical Vulnerability Patched in External Media Plugin

On February 2, 2021, the Wordfence Threat Intelligence team discovered a vulnerability in External Media, a WordPress plugin used by over 8,000 sites, and reported it to the developer. This flaw made it possible for authenticated users, such as subscribers, to upload arbitrary files on any site running the plugin. This vulnerability could be used to achieve remote code execution and take over a WordPress site.

After several minor patches and follow-ups with the developer, a fully patched version was released as version 1.0.34.

This is considered a critical vulnerability. Therefore, we highly recommend updating to the latest patched version available, 1.0.34, immediately.

All of our client sites have of course been updated.

SQL Injection Vulnerability Patched in CleanTalk AntiSpam Plugin

The CleanTalk WordPress plugin has a number of uses, but one of its primary purposes is to protect sites against spam comments. Part of how it does this is by maintaining a blocklist and tracking the behavior of different IP addresses, including the user-agent string that browsers send to identify themselves.
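Both the WP Statistics and CleanTalk items above involve SQL injection through values a visitor controls, including the User-Agent header that a plugin stores for tracking. The following is an added example, not code from Wordfence, CleanTalk or WP Statistics: a small Python scanner that parses Apache combined-format access log lines and flags requests whose request target or User-Agent carries time-delay SQL primitives, the tell-tale sign of time-based blind injection attempts. The log lines are constructed for the example, the request paths are placeholders rather than any plugin's real endpoints, and the indicator list is a deliberately short illustrative set.

```python
import re
from urllib.parse import unquote, unquote_plus

# Constructed sample lines in Apache "combined" log format (not real traffic).
# Paths are placeholders, not the endpoints of any specific plugin.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2021:12:00:01 +0000] "GET /wp-comments-post.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/86.0"
203.0.113.11 - - [10/Mar/2021:12:00:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0' AND SLEEP(5)-- "
203.0.113.12 - - [10/Mar/2021:12:00:03 +0000] "GET /?author=1 HTTP/1.1" 200 1024 "-" "curl/7.68.0"
203.0.113.13 - - [10/Mar/2021:12:00:04 +0000] "GET /?s=1.1.1.1%27%20and%20benchmark(10000000,md5(1))--%20 HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

# One combined-format line: ip ident user [time] "method target proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Time-delay primitives used by time-based blind SQL injection across common engines.
# Matched case-insensitively on the URL-decoded value.
INDICATORS = [
    ("sleep", re.compile(r"\bsleep\s*\(", re.I)),            # MySQL/MariaDB
    ("benchmark", re.compile(r"\bbenchmark\s*\(", re.I)),    # MySQL/MariaDB
    ("pg_sleep", re.compile(r"\bpg_sleep\s*\(", re.I)),      # PostgreSQL
    ("waitfor_delay", re.compile(r"\bwaitfor\s+delay\b", re.I)),  # MSSQL
]


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_indicators(value, plus_is_space=False):
    """Return the names of all indicators present in the URL-decoded value."""
    decoded = unquote_plus(value) if plus_is_space else unquote(value)
    return [name for name, rx in INDICATORS if rx.search(decoded)]


def scan_log(text):
    """Scan log text; return one finding per (request, field) that carries an indicator."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the scan
        # Query strings encode spaces as '+', User-Agent values do not.
        for field, plus in (("target", True), ("ua", False)):
            hits = find_indicators(rec[field], plus_is_space=plus)
            if hits:
                findings.append({
                    "ip": rec["ip"],
                    "time": rec["ts"],
                    "field": field,
                    "indicators": hits,
                    "value": rec[field],
                })
    return findings


def count_by_ip(findings):
    """Aggregate findings per source IP; repeated hits from one address are the usual pattern."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['field']}: {f['indicators']} <- {f['value']!r}")
    print(count_by_ip(scan_log(SAMPLE_LOG)))
```

Two points worth noting when adapting this. First, a stored value such as a User-Agent is executed by whatever later query reads it back, so the request that planted the payload may look harmless in terms of status code and response size; matching at ingestion time is what surfaces it. Second, these tokens can appear in legitimate traffic (security scanners, odd but benign agents), so treat a hit as a lead to correlate with slow responses from the same source, not as proof of compromise.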

Many of our users have CleanTalk installed.

The vulnerability was patched on March 10 and the update was applied to all our client sites within 24 hours. Fortunately, we’re not aware of any clients having become victims.

Source: https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin