WordPress plugin with over a million installs may have a worrying security flaw - here's what we know

A critical WordPress plugin flaw allows threat actors to run arbitrary PHP commands, potentially taking over entire websites.

W3 Total Cache WordPress plugin vulnerable to PHP command injection

WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload.