10 Apr 2025

Plugin Installation Vulnerability in GutenKit

We recently saw what appeared to be a hacker probing our website for usage of the WordPress plugin GutenKit. That is likely related to a vulnerability that existed in the plugin. The developer wasn't exactly upfront about it: what appears to be the relevant changelog entry says only “Improved: Security for external plugin installations.” The developer also still doesn't seem to understand how to properly secure code that is run through the WordPress REST API.

The relevant code is in the file /includes/Admin/Api/ActivePluginData.php. That file registers a function to install another plugin through the REST API in a way that makes it accessible even to those not logged in to WordPress.
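To make the class of mistake concrete, here is an added illustration that is not GutenKit's code and not taken from the plugin's file: a REST route that installs a plugin. The route namespace, the function names and the request parameter are assumptions made for the example. The first registration shows a permission_callback that lets any visitor through, which is what leaves an install endpoint reachable by unauthenticated requests; the second is the hardened form, which checks the same install_plugins capability WordPress itself requires before installing a plugin and resolves the requested slug through the WordPress.org API instead of accepting an arbitrary download location.

```php
<?php
/**
 * Added example (not GutenKit's code). Route names, function names and the
 * 'slug' parameter are assumptions for illustration only.
 */

// WEAK: '__return_true' as the permission_callback means every request is
// authorized, including requests from visitors who are not logged in at all.
function example_kit_register_weak_route() {
    register_rest_route( 'example-kit/v1', '/install-plugin-weak', array(
        'methods'             => 'POST',
        'callback'            => 'example_kit_install_plugin',
        'permission_callback' => '__return_true',
    ) );
}

// HARDENED: require the capability WordPress checks for plugin installation.
// On a default install only administrators have install_plugins, and it is
// mapped to do_not_allow when DISALLOW_FILE_MODS is set. Cookie-authenticated
// REST requests must also carry a valid X-WP-Nonce header, otherwise WordPress
// treats them as logged out, so current_user_can() fails for forged requests.
function example_kit_register_hardened_route() {
    register_rest_route( 'example-kit/v1', '/install-plugin', array(
        'methods'             => 'POST',
        'callback'            => 'example_kit_install_plugin',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'install_plugins' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    'Sorry, you are not allowed to install plugins.',
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
        'args' => array(
            'slug' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_key',
                // WordPress.org plugin slugs are lowercase letters, digits and hyphens.
                'validate_callback' => function ( $value ) {
                    return (bool) preg_match( '/^[a-z0-9-]+$/', $value );
                },
            ),
        ),
    ) );
}

// Shared callback. Authorization is decided by the permission_callback, so the
// only difference between the two routes above is who is allowed to reach this.
function example_kit_install_plugin( WP_REST_Request $request ) {
    $slug = $request->get_param( 'slug' );

    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/file.php';

    // Resolve the slug through the WordPress.org API rather than trusting a
    // caller-supplied URL, so only packages from the official directory are fetched.
    $api = plugins_api( 'plugin_information', array(
        'slug'   => $slug,
        'fields' => array( 'sections' => false ),
    ) );
    if ( is_wp_error( $api ) ) {
        return $api;
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( is_wp_error( $result ) ) {
        return $result;
    }
    if ( ! $result ) {
        return new WP_Error( 'install_failed', 'Plugin installation failed.', array( 'status' => 500 ) );
    }

    return rest_ensure_response( array( 'installed' => $slug ) );
}

// Only the hardened route is hooked; the weak one is kept for comparison.
add_action( 'rest_api_init', 'example_kit_register_hardened_route' );
```

A quick check for your own site: request /wp-json/ and look at the routes listed under each plugin's namespace. Any route registered with a permission_callback of '__return_true' (or one that only checks a nonce without checking a capability) answers to requests that are not logged in, and an endpoint that installs or activates code should never be in that category.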