Web hosting company Seravo first reported the zero-day vulnerabilities in the third-party WordPress plugins, which were already being exploited. Using the exploit, malicious users are able to log in as administrator or create new administrative accounts on any affected site.
The privilege escalation vulnerabilities in the addons are being tracked by Wordfence, which develops a WordPress security plugin of the same name. While analyzing the plugin, the Wordfence security researchers found additional vulnerabilities and notified the developer.
We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.