WordPress websites that use the Gutenberg template plugin are affected by a critical security vulnerability. Hackers can attack the Library & Redux framework and thus completely paralyze the site. A security patch is already available for download.
Millions of pages at risk
No less than two security vulnerabilities can completely cripple the WordPress Gutenberg Template Library & Redux Framework. This enables attackers to install malicious plug-ins or delete posts.
Specifically, after a successful attack, attackers could install arbitrary plug-ins from the WordPress repository and gain admin rights for the corresponding website. By successfully exploiting the second vulnerability, an attacker could additionally access and modify website configuration information that is actually compartmentalized.
According to the official WordPress page, the corresponding plugin has already been downloaded over one million times. Among other things, it is used to manage and set templates for website designs. Website owners should definitely make sure to install the updated version 4.2.13, which already comes with a security patch to fix the vulnerabilities. The corresponding security patch was made available around two weeks after the vulnerability was discovered.