Researchers are warning of flaws in two WordPress plugins Slick Popup and WP Database Backup including one that remains unpatched. One of the flaws stems from two issues in a feature of the plugin that is meant to grant support access to its developers with one click on the dashboard. Another flaw stems from the plugin s internal settings. The developers behind the plugin have removed the plugin from the WordPress plugin repository while dealing with a fix. The developers did not respond to a request for comment on when specifically a patch would be released.
Source: https://threatpost.com/wordpress-plugin-has-unpatched-privilege-escalation-flaw-warn-researchers/145150/