A critical security alert has been issued to WordPress site administrators following the discovery of two high-severity vulnerabilities in the “WP Ultimate CSV Importer” plugin.
With over 20,000 active installations, the plugin’s flaws pose a significant risk to affected websites, potentially leading to complete site takeovers by attackers.
https://gbhackers.com/20000-wordpress-sites-at-risk/