Security PSA: Just A Ton Of Vulnerable Plugins
Wordfence has reported that over 100 WordPress plugins are impacted by shortcode-related vulnerabilities. A number of patches have been pushed out already, and while we've been making an effort to apply them across our infrastructure, we do need your help in ensuring your site and its themes/plugins are up to date. Patched software is one of the best means of protecting yourself from malicious actors.
These specific vulnerabilities do require that an attacker has already gained access to your site and the account they're using has some level of permissions to make changes to the site; contributor or higher. So it's worth checking if any new and suspicious accounts have been created. If you notice any, please immediately reach out to our support team.
For existing accounts, we ask that you use strong passwords and 2FA to ensure they are secure. Consider using a password manager like Bitwarden or 1Password to make managing all of that much easier.