A critical security flaw in the GiveWP Donation Plugin tracked as CVE-2025-0912, has exposed over 100,000 WordPress websites to unauthenticated remote code execution (RCE) attacks. The vulnerability, scoring a maximum CVSS 9.8 (Critical) severity rating, originates from improper handling of user-supplied data in the plugin’s donation form processing logic. Exploiting this flaw allows attackers to
The post WordPress Plugin Vulnerability Exposes 10,000 Sites to Code Execution Attacks appeared first on Cyber Security News. Read More