WordPress plugin with 5M+ active installs can be utilized in DDoS attacks
While doing some vulnerability research for WordPress plugins myself and my clients use, I came across a plugin with 5M+ active installs that can be used in DDoS attacks by non-authenticated users. Let me preface this to say that the plugin itself is not vulnerable to a hack AFAIK, but has a flaw (IMO) that…