Newsletter WordPress Plugin Opens Door to Site Takeover

An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Via Vulnerabilities – Threatpost https://threatpost.com