Critical SQL Injection Vulnerability in Subscribe to Category Plugin

WordPress website owners using the Subscribe to Category Plugin: An urgent security advisory has been issued for a critical SQL Injection vulnerability, posing severe risks to the website’s security and potentially exposing sensitive information to malicious actors.

The security flaw was discovered and responsibly reported by Mika, underscoring the significance of collaborative efforts in ensuring a secure WordPress environment.

The vulnerability lies in the Subscribe to Category Plugin, where attackers could exploit the flaw to directly interact with the website’s database, potentially leading to unauthorized access and stealing sensitive information.

Severity:

This SQL Injection vulnerability is classified as critical, with a CVSS 3.1 score of 9.3, highlighting its significant impact on the website’s security and the potential for devastating data breaches.

Affected Versions:

At present, no patched version is available, and the plugin has been closed as of June 27, 2023, pending a full review. It is not available for download during this temporary closure.

Impact:

If exploited, malicious actors could directly interact with the website’s database, potentially gaining unauthorized access and stealing sensitive information. This includes but is not limited to user data, login credentials, and other confidential details.

Recommendation:

Given the critical severity of this vulnerability and the unavailability of a patched version, immediate action is essential to safeguard your WordPress website:

Disable the Subscribe to Category Plugin: As an immediate measure, disable the plugin to mitigate the risk of exploitation. During the temporary closure, it is urgent to prevent any potential vulnerabilities from being exploited.
Seek Alternatives: Look for alternative plugins that provide similar functionality to Subscribe to Category while ensuring a strong security track record and regular updates.
Monitor Official Updates: Stay informed about any updates from the plugin’s developers regarding a potential fix or reopening after the full review.
Consult Security Experts: Seek advice from WordPress security experts or developers to assess the potential impact on the website and implement additional security measures.

Critical SQL Injection Vulnerability in Subscribe to Category Plugin

Severity:

Affected Versions:

Impact:

Recommendation:

Related Articles

Critical XSS Vulnerability in Smart Online Order for Clover Plugin

Cross-Site Scripting (XSS) vulnerability in Online Booking & Scheduling Calendar Plugin

Remote Code Execution (RCE) vulnerability in WordPress File Manager Pro Plugin

Arbitrary File Upload vulnerability in WordPress Olive One Click Demo Import Plugin

Critical XSS Vulnerability in Variation Swatches for WooCommerce Plugin

Insecure Direct Object References (IDOR) vulnerability in WordPress Simplr Registration Form Plus+ Plugin

Categories

Latest Blog Updates

Unmasking a Persistent Malware Attack on a WordPress Website

Investigating and Resolving High CPU Usage in WordPress Due to Malicious Crawlers

Unmasking a Hidden Malware Attack Targeting Users from Search Results

Critical Broken Access Control Vulnerability in WP Travel Plugin

Critical Broken Access Control Vulnerability in WooODT Lite Plugin

Critical Local File Inclusion Vulnerability in HTML filter and csv-file search Plugin

Critical Remote Code Execution Vulnerability in PHP to Page Plugin