A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc.

link: https://threatpost.com/brizy-wordpress-plugin-exploit-site-takeovers/175463/
Author: Tara Seals

By admin