1 article
Four CVSS 8.8 vulnerabilities in a 100,000-install WordPress plugin — discoverable by any registered member with a subscriber account — highlight the structural mismatch between how WordPress CMS security is governed in enterprise organisations and the actual risk it carries. Membership sites, intranet portals, and course platforms built on WordPress process regulated data and host privileged access, but rarely receive enterprise-grade security governance.