A critical security vulnerability has been discovered in the popular WordPress plugin, WP Ghost, which boasts over 200,000 active installations. This flaw, tracked as CVE-2025-26909, concerns an unauthenticated Local File Inclusion (LFI) vulnerability that could potentially lead to Remote Code Execution (RCE) attacks on nearly all server environments. The vulnerability has been addressed in the […] The post WordPress Plugin Flaw Exposes 200,000+ Sites at Risk of Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/wordpress-plugin-flaw-3/
