This top WordPress plugin could be hiding a worrying security flaw, so be on your guard

When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

The WP Ghost plugin suffered from an unauthenticated Local File Inclusion vulnerability, explained researchers from Patchstack.

It was patched by adding extra validation on the supplied URL or path from the user.

WP Ghost is a popularwebsite buildersecurity plugin, with more than 200,000 installs.

The plugins page states that it stops 140,000 attacks and more than nine million brute-force attempts every month.