WordPress Plugins and Themes vulnerability: March Edition
This is the Motherload
https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a
From the post
The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle the debug mode via a CSRF attack.
Comments
Well, doesn't that sound reassuring cough
https://www.bleepingcomputer.com/news/security/nearly-30-percent-of-critical-wordpress-plugin-bugs-dont-get-a-patch/amp/
Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.