Wordfence reported today on a vulnerability in the popular “Really Simple Security” plugin, that they described as, “one of the more serious vulnerabilities that we have reported on in our 12 year history as a security provider for WordPress.“
The vulnerability allows an attacker to easily take full control of a WordPress site.
When alerted to this vulnerability, Workhorse immediately evaluated all the WordPress websites we are responsible for. This includes websites we host as well as those we have site health and retainer agreements to manage.
After that review we determined that only a single website was running the affected plugin and version, and it was quickly remediated.
In addition, our WordPress website are protected by a “virtual patching” service which will protect against vulnerabilities before any affected plugins are updated, providing an additional layer of protection.
If you’re not sure if you are affected, please contact us.