Tens of thousands of WordPress sites are at risk from critical vulnerabilities in a widely used plug-in that facilitates the use of PHP code on a site. One of the bugs allows any authenticated user of any level – even subscribers and customers – to execute code that can completely take over a site that has the plugin installed, researchers have found.
Read full article on Threat Post