This vulnerability affects versions 3.2.8 and below from the Solid Central / iThemes Sync helper plugin.
The solution: version 3.2.9
To fully resolve this issue and ensure the security of your sites, we have released an update permanently removes the message duplication feature.
By removing this specific feature, we have completely eliminated the vulnerable code path. If you currently rely on post-duplication, we recommend migrating to one of the many high-quality, dedicated alternatives available for free in the WordPress.org plugin directory.
Our product focus
We have been planning to discontinue this feature for some time now. Our core vision for Solid Central is to provide the best in the industry site management platform – focused on security, backups and updates – rather than content management tools such as post editing.
While this disclosure accelerated our timeline, our engineering and product teams agreed that streamlining the plugin was now the most effective way to keep your sites efficient and secure.
Required action
Immediately update the Solid Central helper plugin to the latest version (3.2.9 or later). When updating, the vulnerable code is automatically removed. To date we have received no reports that this vulnerability is being exploited in the wild; However, immediate updates are always a best practice to stay ahead of potential threats.
We appreciate your continued confidence in Solid Central as the most secure and efficient site management tool for your workflow.
#Security #Advisory #Vulnerability #fixed #Solid #Central #iThemes #Sync