"Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover"

According to the WordPress security company Defiant, the GiveWP WordPress plugin contains a critical vulnerability that enables Remote Code Execution (RCE) and arbitrary file deletion on over 100,000 websites. The bug allows unauthenticated attackers to inject a PHP object and exploit a Property Oriented Programming (POP) chain to execute arbitrary code remotely or delete arbitrary files. This article continues to discuss the potential exploitation and impact of a critical vulnerability in the GiveWP WordPress plugin.

SecurityWeek reports "Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover"

Submitted by grigby1

Submitted by Gregory Rigby on