"This flaw poses a significant security risk, as it enables attackers to install vulnerable or closed plugins, which can then be exploited for attacks such as Remote Code Execution (RCE), SQL Injection, Cross-Site Scripting (XSS), or even the creation of administrative backdoors," WPScan said in a report.
"What makes this attack particularly dangerous is its combination of factors -- leveraging a previously patched vulnerability in Hunk Companion to install a now-removed plugin with a known Remote Code Execution flaw," WPScan reported.
Collection
[
|
...
]