They recently claimed that a vulnerability in a WordPress plugin exposed WordPress users' passwords. It didn't; it exposed only password hashes. That is significantly different.

WPScan also claimed that the vulnerability allowed “account takeover,” despite that being unlikely to happen there.