CVE-2021-44223

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8

Description: The issue makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory. This occurs due to the lack of support for the Update URI plugin header in affected versions.

Recommendations: For versions prior to 5.8, update to version 5.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of plugins that are not yet present in the WordPress.org Plugin Directory to minimize the risk of exploitation.