"Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover"
According to the WordPress security company Defiant, the GiveWP WordPress plugin contains a critical vulnerability that enables Remote Code Execution (RCE) and arbitrary file deletion on over 100,000 websites. The bug allows unauthenticated attackers to inject a PHP object and exploit a Property Oriented Programming (POP) chain to execute arbitrary code remotely or delete arbitrary files. This article continues to discuss the potential exploitation and impact of a critical vulnerability in the GiveWP WordPress plugin.
SecurityWeek reports "Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover"
Submitted by grigby1
Submitted by grigby1 CPVI
on