A critical vulnerability in the WordPress Bold Page Builder plugin, which has 20,000+ active installations, has been exploited for the past 24 hours.
Reference
CVE-2019-15821
Vulnerability
The vulnerability allows any unauthenticated user to perform actions that only an administrator should be allowed to do (e.g., modifying settings and importing data).
Recommendation
A new version 2.3.2 was released a few hours ago and users should update immediately. We also have pushed new security rules for our web application firewall for WordPress, NinjaFirewall.
Stay informed about the latest vulnerabilities in WordPress plugins and themes: @nintechnet