Written by Editorial Team on May 26, 2020

Critical Vulnerability Found In The Official MailerLite Sign Up Forms Plugin For WordPress

Update: The Official MailerLite Sign Up Forms plugin for WordPress was updated to version 1.4.5 on 26th May 2020, which is said to patch the vulnerability. Now that the new version is out, it is important to update the plugin if you have it installed on your site. We also hope that affected users receive sufficient notification to update the plugin as soon as possible.

A new, critical vulnerability has been discovered in the Official MailerLite Sign Up Forms plugin for WordPress (versions 1.4.4 and below). The vulnerability allows an unauthorized attacker to perform an SQL injection and gain access to the administrative panel of the site. The plugin is also vulnerable to CSRF attacks.

Here are the details of the vulnerability:

  • Plugin versions below 1.4.4 are affected
  • Affected file: include/mailerlite-admin.php

We recommend that you start scanning your sites immediately, rather than waiting for an automatic scan to run or for an updated version of the plugin.

Why should you care about this WordPress vulnerability?

This vulnerability will lead to massive WordPress security issues for your site. As a reminder, hackers will be able to create a backdoor to your WordPress site and perform tasks with administrative roles.

If you are using the Official MailerLite Sign Up Forms plugin, we recommend that you update it immediately.
