A flaw in two 'plug-ins' available for WordPress appears to have left about 2 million sites on which they were installed vulnerable.
According to Bleeping Computer website, this flaw received the name of CVE-2023-30777 and was discovered on May 2nd and allows a 'bad actor' to install malicious code on the site made from WordPress with the 'plug-in' installed.
Fortunately, it seems that this vulnerability already has a solution available and that it was released on May 4th, shortly after it was discovered.
