2026-02-19 04:36:18
Wordfence
PUBLISHED
The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the `vd_get_apikey` function which is hooked to `wp_ajax_virusdie_apikey`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve the sites Virusdie API key, which could be used to access the site owners Virusdie account and potentially compromise site security.