W3 Total Cache WordPress plugin vulnerable to PHP command injection

WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload.

WordPress plugin with over a million installs may have a worrying security flaw - here's what we know

A critical WordPress plugin flaw allows threat actors to run arbitrary PHP commands, potentially taking over entire websites.