Facebook for WordPress is a plugin designed to create a seamless integration between the conversion measurement tool Facebook Pixel and a WordPress site. Once installed, the plugin monitors site traffic and records data when users access pages and perform certain actions on a site.
The first flaw discovered by Wordfence could be used by unauthenticated attackers with access to a site's secret salts and keys to achieve remote code execution through a deserialization weakness. The company responsibly disclosed the vulnerability to Facebook at the end of last year and it has now been patched.
Facebook for WordPress
The second flaw discovered in Facebook for WordPress by Wordfence's Threat Intelligence team was introduced when the plugin was rebranded with the launch of version 3.0.0.
Both vulnerabilities in Facebook for WordPress should be patched immediately: the PHP Object Injection vulnerability has a CVSS score of 9.0 and is rated critical, while the Cross-Site Request Forgery vulnerability has a CVSS score of 8.8 and is rated high.
Version 3.0.5 of the Facebook for WordPress plugin is available now and the latest version of the plugin contains patches that address both vulnerabilities.