WordPress website owners using the Subscribe to Category Plugin: An urgent security advisory has been issued for a critical SQL Injection vulnerability, posing severe risks to the website’s security and potentially exposing sensitive information to malicious actors.

The security flaw was discovered and responsibly reported by Mika, underscoring the significance of collaborative efforts in ensuring a secure WordPress environment.

The vulnerability lies in the Subscribe to Category Plugin, where attackers could exploit the flaw to directly interact with the website’s database, potentially leading to unauthorized access and stealing sensitive information.

Severity:

This SQL Injection vulnerability is classified as critical, with a CVSS 3.1 score of 9.3, highlighting its significant impact on the website’s security and the potential for devastating data breaches.

Affected Versions:

At present, no patched version is available, and the plugin has been closed as of June 27, 2023, pending a full review. It is not available for download during this temporary closure.

Impact:

If exploited, malicious actors could directly interact with the website’s database, potentially gaining unauthorized access and stealing sensitive information. This includes but is not limited to user data, login credentials, and other confidential details.

Recommendation:

Given the critical severity of this vulnerability and the unavailability of a patched version, immediate action is essential to safeguard your WordPress website:

  1. Disable the Subscribe to Category Plugin: As an immediate measure, disable the plugin to mitigate the risk of exploitation. During the temporary closure, it is urgent to prevent any potential vulnerabilities from being exploited.
  2. Seek Alternatives: Look for alternative plugins that provide similar functionality to Subscribe to Category while ensuring a strong security track record and regular updates.
  3. Monitor Official Updates: Stay informed about any updates from the plugin’s developers regarding a potential fix or reopening after the full review.
  4. Consult Security Experts: Seek advice from WordPress security experts or developers to assess the potential impact on the website and implement additional security measures.