21 July 2022 at 13:33 UTC
Updated: 21 July 2022 at 13:45 UTC
Unauthenticated SQL injection bugs put thousands of WordPress sites under threat
A researcher at security firm Cyllective has unearthed vulnerabilities in dozens of WordPress plugins, affecting tens of thousands of installations.
Dave Miller, who leads Cyllective’s penetration testing team, says they started out testing randomly selected plugins, quickly finding an unauthenticated SQL injection vulnerability.