On September 14, 2020, our Threat Intelligence team discovered two high-severity vulnerabilities in Post Grid, a WordPress plugin with over 60,000 installations. While investigating one of these vulnerabilities, we discovered that almost identical vulnerabilities were also present in Team Showcase, a separate plugin by the same author with over 6,000 installations.
We initially reached out to the plugin’s developer, PickPlugins, on September 16, 2020, and provided full disclosure the next day. Patches for both plugins were made available only a few hours after we provided disclosure on September 17, 2020.
Wordfence Premium users received a firewall rule