A vulnerability found in the Really Simple Security plug-in allows an attacker to remotely gain access to any account on an affected website, including the administrator, when 2FA is enabled.
First seen on darkreading.com
Jump to article: www.darkreading.com/cloud-security/critical-wordpress-plugin-flaw-4m-sites-takeover
