On May 17th, 2024 we received a submission for an Arbitrary Options Update vulnerability in Login/Signup Popup, a WordPress plugin with more than 40,000 active installations. This vulnerability could be used by authenticated attackers, with subscriber-level access and above, to update arbitrary options which can easily be leveraged for privilege escalation.
The post 40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence