Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites (Security News, September 2021)
Two vulnerabilities have been found in the Gutenberg Template Library & Redux Framework plugin for WordPress, which is installed on more than 1 million websites.
One of them exists because the plugin registers several AJAX actions that are available to unauthenticated users. One of these actions is deterministic and predictable, making it possible to uncover what the $support hash for a site would be.
January: Researchers warned of two vulnerabilities in a WordPress plugin called Orbit Fox that could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.
January: A plugin called PopUp Builder, used by WordPress websites for building pop-up ads for newsletter subscriptions, was found to have a vulnerability that could be exploited by attackers to send out newsletters with custom content, or to delete or import newsletter subscribers.
March: The Plus Addons for Elementor plugin for WordPress was discovered to contain a critical security vulnerability that attackers can exploit to quickly, easily and remotely take over a website.
July: A critical cross-site scripting bug that affects WordPress sites running the Frontend File Manager plugin was found.
News URL
https://threatpost.com/gutenberg-template-library-redux-bugs-wordpress/169111/