Vulnerability in EWWW Image Optimizer plugin. Severity 9.6 (Critical)
This entry was posted in Vulnerabilities, WordPress Security on June 9, 2016 by Dan Moen
We disclosed a critical remote code execution vulnerability in the EWWW Image Optimizer plugin to the author yesterday morning. He responded very quickly and published a fix this morning. The plugin is very popular with over 300,000 active installs, according to wordpress.org.
Wordfence Senior Developer Sean Murphy discovered the Remote Command Execution vulnerability, which an attacker can exploit on multisite WordPress installations to gain complete control of a WordPress site. Sean is the same researcher who discovered the critical security hole in Freshdesk that affected thousands of Freshdesk corporate customers, which we announced last month.
The vulnerability can be exploited in a number of ways including creating a backdoor or taking a site down altogether. To learn more about what hackers do with compromised websites, check out our blog post from April.
Severity: 9.6 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
What to do
If you are running the Premium version of Wordfence and have the firewall enabled, you are already protected. We added a firewall rule that protects against this vulnerability yesterday morning.
Free Wordfence users running the vulnerable version of the EWWW plugin should update to version 2.8.5 immediately.