WordPress Loco Translate plugin <= 2.5.3 - Authenticated PHP Code Injection vulnerability
Authenticated PHP Code Injection vulnerability discovered by Tomi Ashari in WordPress Loco Translate plugin versions = 2.5.3. Solution Update the WordPress Loco Translate plugin to the latest available version at least 2.5.4...