// #enterprise-governance

WordPress Plugin Vulnerabilities Keep Hitting Enterprise Sites That Don't Know They're Enterprise Sites

Four CVSS 8.8 flaws in a 100,000-install WordPress membership plugin. The subscriber-to-admin escalation is technically straightforward. The real problem is not the code — it is that these WordPress deployments exist outside the security governance perimeter of the organisations that run them.