WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability

KNEET

New Pleskian
Server operating system version
Cent
Plesk version and microupdate number
Plesk Obsidian v18.0.75_build1800260102.11 os_RedHat el8

WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability
Authenticated Remote Code Execution (RCE) vulnerability discovered by Snicco in WordPress Plugin Breakdance (versions <= 1.7.2)

I keep on getting this vulnerability detected by WP Toolkit and it seems like it disables this plugin after scanning/finding it, resulting in the site going offline.
We have a license for Breakdance and are already on the latest version 2.6.1.

After a lot of troubleshooting it seems to be a Plesk issue.

Can anyone help?

Thanks
 
Hello, @KNEET . For the time being, please navigate to Plesk > Subscriptions > example.com > More > Check for updates > Update Settings. Then under "Defined individually, but security updates are autoinstalled", please make sure that "Deactivate vulnerable plugins instead of updating them" is unchecked. I will discuss the matter about the vulnerability mismatch with our team on Monday and follow up with more details.
 