A WordPress plugin with over 2 million active installations left its users open to an alarming security flaw. The popular Advanced Custom Fields (ACF) plugin by WP Engine allows WordPress admins to add custom fields throughout their sites for an enhanced content management system experience. However, if left unpatched, this plugin has a ‘high

Source: Hot Hardware – Alarming WordPress Plugin Security Flaw Leaves 2M Sites Vulnerable To Attack