WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. An access control error vulnerability exists in versions of Wordpress Plugin Protect WP Admin prior to 3.6.2, which stems from the product’s lib/pwa-deactivate.php file not checking the user’s authorization. An attacker could disable the plugin with a carefully crafted request.