A new blog post by Wordfence has highlighted a newly discovered WordPress
security vulnerability in the Ad Inserter plugin. This is a popular plugin with over 200,00 installs on websites.
The weakness allowed authenticated users (Subscribers and above) to execute arbitrary PHP code on websites using the plugin.
Wordfence's threat intelligence team has privately disclose the issue to the plugin's developer, who released a patch the very next day.
This is considered a critical security issue, and websites running Ad Inserter 2.4.21 or below should be updated to version 2.4.22 right away.
What is Ad Inserter?
When you install Ad Inserter you gain the tools to manage the ads on your website effectively. You also gain advanced options for inserting opt-in forms, Javascirpt, CSS, HTML, Header Scripts, PHP, analyticsm tracking or ad code anywhere on the site. A really strong tool if you are managing ads on your site, Ad Inserter also has a preview features to check that ad blocks are constructed properly before it becomes available to your audience.
We're not against the powerful plugin but we do suggest you invest in a premium security service on your website. This should be a standard practice for all websites due to the open source code that WordPress is supported by.
If you are concerned with the security of your WordPress website AlphaKOR can help. We offer WordPress security plans suitable for every budget. We perform backups, updates, firewall implementation and maintenance to your site, assuring that it remains free of security vulnerabilities.