Update: The Official MailerLite Sign Up Forms plugin for WordPress was updated to version 1.4.5 on 26th May 2020, which is said to patch the vulnerability. Now that the new version is out, it is important to update the plugin if you have it installed on your site. We also hope that affected users receive sufficient notification so that they update the plugin as soon as possible.
A new and critical vulnerability has been discovered in the Official MailerLite Sign Up Forms plugin for WordPress (versions 1.4.4 and below). The vulnerability allows an unauthorized attacker to perform an SQL injection and gain access to the administrative panel of the site. The plugin is also vulnerable to CSRF attacks.
Here are the details of the vulnerability:
We recommend that you start scanning your sites immediately, rather than waiting for an automatic scan to run or for an updated version of the plugin.
This vulnerability will lead to massive WordPress security issues for your site. As a reminder, hackers will be able to create a backdoor to your WordPress site and perform tasks with administrative roles.
If you are using the Official MailerLite Sign Up Forms plugin, we recommend that you update it immediately.