LT Unleashed Plugin Vulnerability

HIGH (7.5)

Threat Intelligence

Low Risk
EPSS Score: 0.09% chance of exploitation (percentile: 27%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

LT Unleashed is a WordPress plugin used for managing book content. It's a popular plugin, but its functionality might be unfamiliar to non-WordPress users. The vulnerability allows authenticated attackers with Contributor-level access or above to include and execute arbitrary files on the server, which can lead to code execution, bypass of access controls, or disclosure of sensitive data.

Am I affected?

You're affected if you use LT Unleashed. The advisory does not state specific affected versions.

How to fix

To fix this vulnerability, upgrade to LT Unleashed version 1.2.0 or later. You can do this by following these steps:

  1. Log in to your WordPress dashboard.
  2. Go to the Plugins page and click on "Add New."
  3. Search for "LT Unleashed" and select the latest version (1.2.0 or higher).
  4. Click "Install" and then "Activate."
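To confirm which installs still need the upgrade, this added example (not part of the advisory or the plugin's own code) reads the WordPress plugin headers under a plugins directory and flags any copy of LT Unleashed older than 1.2.0. It assumes the plugin's `Plugin Name:` header reads "LT Unleashed" and treats every version below the fixed release as needing the upgrade, since the advisory gives no affected range; the directory path is supplied by you.

```python
import os
import re
import sys

FIXED = (1, 2, 0)             # fixed release named in the advisory
PLUGIN_NAME = "LT Unleashed"  # assumed to match the plugin's "Plugin Name:" header
HEADER = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$", re.I | re.M)

def parse_version(text):
    """'1.1.9-beta' -> (1, 1, 9); parsing stops at the first non-numeric part."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts + [0] * (3 - len(parts)))

def read_headers(path):
    """WordPress looks for plugin headers near the top of a file; read about 8 KB."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)
    found = {}
    for key, value in HEADER.findall(head):
        found.setdefault(key.lower(), value)  # first occurrence wins
    return found

def audit(plugins_dir):
    """Return (path, version, needs_upgrade) for each copy of the plugin."""
    results = []
    for slug in sorted(os.listdir(plugins_dir)):
        folder = os.path.join(plugins_dir, slug)
        if not os.path.isdir(folder):
            continue
        for name in sorted(os.listdir(folder)):
            if not name.endswith(".php"):
                continue
            headers = read_headers(os.path.join(folder, name))
            if headers.get("plugin name", "").lower() == PLUGIN_NAME.lower():
                version = headers.get("version", "")
                # A missing or unparsable version is flagged, not trusted.
                outdated = parse_version(version) < FIXED
                results.append((os.path.join(folder, name), version, outdated))
    return results

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for path, version, outdated in audit(root):
        print(f"{'UPGRADE' if outdated else 'ok':8} {version or '?':10} {path}")
```

Run it with the path to `wp-content/plugins`; it only reads files, so it is safe to run against a backup or a mounted copy of the site as well.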

Immediate mitigations if an upgrade isn't possible:

  • Restrict network access to your WordPress installation.
  • Audit admin account activity for suspicious access patterns.
  • Monitor for unauthorized file inclusion attempts.