via wordfence.com => original post link
On August 18, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two PHP Object Injection vulnerabilities in the Essential Blocks plugin for WordPress, a plugin with over 100,000 installations.
We received a response three days later and sent over our full disclosure on August 23, 2023. A patched version of the free plugin, 4.2.1, was released on August 29, 2023 with version 1.1.1 for the Pro version released the same day.
We issued a firewall rule to protect Wordfence Premium, Wordfence Care, and Wordfence Response customers on August 18, 2023. Sites still running the free version of Wordfence received the same protection on September 17, 2023. We recommend that all Wordfence users update to the patched version, 4.2.1 (1.1.1 for Pro), as soon as possible as this will entirely eliminate the vulnerabilities.