Description
WordPress Plugin WordPress Framework contains suspicious code. Attackers can exploit this issue to perform a variety of actions: reset password, delete database, etc. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin WordPress Framework version 1.0 is affected.
Remediation
Delete the plugin
References
Related Vulnerabilities
WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.2)
WordPress Plugin Instagram Feed Unspecified Vulnerability (1.10.2)
WordPress Plugin Gallery-Flagallery Photo Portfolio 'skin' Parameter Cross-Site Scripting (1.72)
MediaWiki Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-36125)