WordPress LJUsers Plugin Vulnerability

MEDIUM (6.4) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 7%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The LJUsers plugin is a WordPress plugin used to manage user information. It is a relatively niche piece of software, and if you don't recognize the name, you're probably not affected. The vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages; the injected script executes whenever a user views an affected page (stored cross-site scripting).

Am I affected?

You're affected if you use LJUsers. The advisory does not state which versions are affected.

Affected Products

WordPress.org / LJUsers Plugin

How to fix

To fix this vulnerability, upgrade to WordPress LJUsers plugin version 1.2.1 or later.

Immediate mitigations:

  • Restrict network access to your WordPress installation (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation
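An added defender-side check (example code, not from the advisory or the plugin) that tests an installed LJUsers version against the 1.2.1 fix and scans stored post content from low-privilege roles for script markers that WordPress would normally strip. Assumptions: the role names are WordPress defaults on a single-site install, and the post rows are constructed sample data rather than real site content.

```python
"""Added example for the LJUsers advisory: version check against the fixed
release and a scan for stored script in content from roles that lack the
unfiltered_html capability. Sample rows are constructed, not real data."""
import re

FIXED_VERSION = (1, 2, 1)  # first fixed release named in the advisory


def parse_version(v: str) -> tuple:
    """'1.2' -> (1, 2, 0); a suffix such as '-beta' is ignored."""
    core = re.split(r"[-+]", v.strip(), maxsplit=1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    return tuple((parts + [0, 0, 0])[:3])


def is_vulnerable_version(installed: str) -> bool:
    """True when the installed LJUsers version is below 1.2.1."""
    return parse_version(installed) < FIXED_VERSION


# Roles without unfiltered_html by default on single-site WordPress (assumed);
# stored content authored by these roles should never contain script.
NO_UNFILTERED_HTML = {"contributor", "author", "subscriber"}

# Markers wp_kses strips for those roles: script tags, javascript: URLs and
# common event-handler attributes. A hit means the sanitizer was bypassed.
SCRIPT_MARKERS = re.compile(
    r"<\s*script\b|javascript\s*:|\bon(load|error|click|mouseover|focus)\s*=",
    re.IGNORECASE,
)


def find_injected_scripts(rows):
    """rows: dicts with ID, author_role, post_content. Returns flagged post IDs."""
    return [
        r["ID"] for r in rows
        if r["author_role"].lower() in NO_UNFILTERED_HTML
        and SCRIPT_MARKERS.search(r["post_content"])
    ]


SAMPLE_ROWS = [  # constructed sample rows, not real site data
    {"ID": 101, "author_role": "contributor",
     "post_content": "<p>Bio</p><script>alert(1)</script>"},
    {"ID": 102, "author_role": "contributor",
     "post_content": "<p>Plain <strong>HTML</strong> only</p>"},
    {"ID": 103, "author_role": "author",
     "post_content": '<img src="x" onerror="alert(1)">'},
    {"ID": 104, "author_role": "administrator",  # may legitimately hold script
     "post_content": "<script>trackPageView()</script>"},
]
```

Flagged IDs are candidates for review, not proof of compromise; a Contributor post containing `<script>` on a site where that role cannot post unfiltered HTML is the signal the advisory's "inject arbitrary web scripts" describes.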