The plugin was recently found to have a critical security flaw that could lead to data leaks and unauthorized access. The vulnerability is caused by a lack of sanitization of user input sent to the server in HTTP requests. This allows an attacker to inject malicious code into the website and steal sensitive data. The reported date for the patch is January 25, 2019. However, if you installed and activated the plugin before this date, you will still be vulnerable. As always, you should update WordPress as soon as possible to avoid these vulnerabilities. You can do this by activating automatic updates in your control panel or by downloading the latest version of WordPress directly.

How to Update WordPress to Avoid Image Hover Effects Vulnerability?

Step 1: Visit WordPress.org and Sign Up if You Don’t Already Have an Account

The first step is to visit WordPress.org and sign up if you don’t already have an account.

Step 2: Visit WordPress.org and Activate Automatic Updates

If you're running an older version of WordPress, you should update to the latest version. You can do this by going to your WordPress site's dashboard, clicking on the "Updates" tab and then clicking "Automatically Update Now." This will automatically download and install the latest version of WordPress onto your site.

Update WordPress Plugins

The best way to avoid this vulnerability is to update all of your plugins. You can do this by going to your WordPress dashboard, clicking on Plugins, and then clicking on Updates. There is also a possibility you could have unknowingly installed the vulnerable plugin as part of a WordPress theme. If you're unsure if your website is still vulnerable, you can go to the tool that was created by the developer of the vulnerable plugin and simply type in your website domain name in order to test it for compatibility.
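A copy bundled inside a theme does not appear on the Plugins screen, so a file-system check is the reliable way to find it. The following is an added example, not code from the plugin or its developer: it walks wp-content and reports every PHP file whose plugin header names Image Hover Effects. The directory names and version numbers in the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

# WordPress reads plugin metadata from a comment header near the top of the file.
HEADER_BYTES = 8192
FIELD_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def read_plugin_header(path):
    """Return {'plugin name': ..., 'version': ...} if the file has a plugin header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(HEADER_BYTES).decode("utf-8", errors="replace")
    except OSError:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(head):
        fields.setdefault(key.lower(), value.strip(" */"))
    return fields if "plugin name" in fields else None

def find_plugin_copies(wp_content, name_fragment):
    """List every copy under wp-content (plugins AND themes) whose name matches."""
    hits = []
    for path in Path(wp_content).rglob("*.php"):
        hdr = read_plugin_header(path)
        if hdr and name_fragment.lower() in hdr["plugin name"].lower():
            rel = path.relative_to(wp_content).as_posix()
            # Anything outside plugins/ will not show up under Plugins > Updates.
            hits.append((rel, hdr.get("version", "unknown"), not rel.startswith("plugins/")))
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample layout: one regular copy, one bundled inside a theme."""
    samples = {
        "plugins/image-hover/image-hover.php": "<?php\n/*\nPlugin Name: Image Hover Effects\nVersion: 1.0.0\n*/\n",
        "themes/sample-theme/inc/bundled/hover.php": "<?php\n/**\n * Plugin Name: Image Hover Effects\n * Version: 0.9.0\n */\n",
        "plugins/other/other.php": "<?php\n/*\nPlugin Name: Other Plugin\nVersion: 2.0\n*/\n",
    }
    for rel, body in samples.items():
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, version, bundled in find_plugin_copies(tmp, "Image Hover Effects"):
            print(f"{rel}  version={version}  outside_plugins_dir={bundled}")
```

On a real site, point find_plugin_copies at the wp-content directory and compare each reported version with the patched release named in the vendor's advisory.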

Update WordPress core

If you have not updated WordPress to avoid this vulnerability, update your core as soon as possible.
To update WordPress core, go to https://wordpress.org/latest-core.zip and download the file to your computer. Then unzip it and upload the extracted folder to your website's directory, overwriting the existing one.

Installing WordPress Updates Automatically

If you installed and activated the plugin before January 25, 2019, then your website is still vulnerable. You should update WordPress as soon as possible to avoid these vulnerabilities.

You can do this by activating automatic updates in your control panel or by downloading the latest version of WordPress directly.

Timeline

Published on: 11/18/2022 23:15:00 UTC
Last modified on: 11/22/2022 20:36:00 UTC
