“wp2shell”: Critical WordPress vulnerability allows code injection via API
⚡ Quick Summary
By chaining a SQL injection vulnerability and an API vulnerability, attackers can inject code. WordPress has released an update and Finder has released a hotfix.