On August 17th, 2025, we received a submission for an authenticated PHP Object Injection vulnerability in Fluent Forms, a WordPress plugin with more than 600,000 active installations. This vulnerability can be leveraged via an existing POP chain present in the plugin to read arbitrary files on the server, which may contain sensitive information.
The post 600,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Fluent Forms WordPress Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence
Read the original article: