Nasty WordPress plugin bugs could allow attackers to register as site admins

Protection scientists have uncovered critical nevertheless very easily exploitable vulnerabilities in a well-liked WordPress plugin that can be abused to upload arbitrary documents to impacted sites.

In their breakdown of the vulnerability, scientists from Wordfence, which develops security methods to secure WordPress installations, take note that the impacted plugin is put in on more than 400,000 sites.