Moments ago the Wordfence team published details of a high severity vulnerability in the Access Demo Importer WordPress plugin. The vulnerability allows a user with subscriber-level access to upload arbitrary files and achieve site takeover. Sites with open registration are particularly vulnerable in this case.
|You can find out which versions of the plugin are affected, how to protect yourself against this vulnerability, and all the technical details on the Wordfence Blog.
|Defiant, Inc., 1700 Westlake Ave N STE 200, Seattle, WA 98109, United States|