The Wordfence team also stated that they have contacted the developer and a few days later, the vulnerability was patched in the 2.7.1 version. Wordfence also released a firewall rule to protect its users to protect against possible attacks.
October 4, 2021 – Wordfence Threat Intelligence finishes our investigation and releases a firewall rule to protect Wordfence Premium customers. We initiate the disclosure process.
October 5, 2021 – The plugin developer responds and we send over full disclosure.
October 7, 2021 – A patched version, 2.7.1, is released.
November 3, 2021 – The firewall rule becomes available to Wordfence free users
The Wordfence team said,
We strongly recommend updating to the latest version of the plugin available immediately, which is 2.7.5 as of this writing, since it contains additional bug fixes.”