MalCare, Blogvault, and WPRemote Plugins Patch Vulnerabilities Allowing Site Takeover Through Stolen API Credentials

via wptavern.com => original post link

Snicco, a WordPress security services provider, has published an advisory on a vulnerability in the MalCare plugin, which is active on more than 300,000 sites.

“MalCare uses broken cryptography to authenticate API requests from its remote servers to connected WordPress sites,” WordPress security researcher Calvin Alkan said.

“Requests are authenticated by comparing a shared secret stored as plaintext in the WordPress database to the one provided by MalCare’s remote application.