Over 150k WordPress Sites at Takeover Risk via Vulnerable Plugin
The first vulnerability enables an attacker to reset the API key and access sensitive log information, while the second vulnerability allows for arbitrary script injection into affected web pages.