Wordfence this week disclosed a critical remote code execution vulnerability found in the EWWW Image Optimizer plugin to the plugin’s author Shane Bishop.
Bishop yesterday released a fix for the vulnerability, which can be found on WordPress.org. Users running the EWWW Image Optimizer plugin should update to version 2.8.5 immediately as this is a critical security update.
According to Wordfence, the vulnerability, which was discovered by Wordfence Senior Developer Sean Murphy, allows hackers to exploit multisite installations to gain total control of a site.
“The vulnerability can be exploited in a number of ways including creating a backdoor or taking a site down altogether,” Wordfence said.
EWWW Image Optimizer is one of the most popular image optimization plugins for WordPress with more than 300,000 downloads in the WordPress plugin directory. Again, users who are running this plugin should update to version 2.8.5 as soon as possible.
No Comments