Critical Authentication Flaw Impacts Both Free and Pro Users. A widely deployed five-in-one security plug-in for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plug-in.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/wordpress-plug-in-vulnerability-threatens-4-million-sites-a-26843
