Security plugin flaw in millions of WordPress sites gives admin access

CRANK

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions.