The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.
On any website where flo-launch is active create cookie “flo_custom_table_prefix” with any string value to initiate new WordPress instance setup. Complete setup and login as admin.
CPE | Name | Operator | Version |
---|---|---|---|
flo-launch | lt | 2.4.1 |