Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

Vulnerabilities Web Security

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc.
Source: Threatpost.com