Over the past week, security experts from Defiant, the company behind the Wordfence plugin for WordPress, have observed attacks exploiting this zero-day. The zero-day affects all versions of Total Donations, a commercial plugin that website owners have bought from CodeCanyon in recent years and used to collect and manage donations from their respective user bases.

According to Defiant researcher Mikey Veenstra, the plugin's code contains several design flaws that inherently expose the plugin, and the WordPress site as a whole, to external manipulation, even by unauthenticated users. Veenstra said in a security alert published on Friday that the plugin contains an AJAX endpoint that can be queried by an unauthenticated remote attacker.

The AJAX endpoint is located in one of the plugin's files, which means that deactivating the plugin does not remove the threat: attackers can simply call that file directly, and only removing the plugin in its entirety protects sites from exploitation. This AJAX endpoint allows an attacker to change the value of any WordPress site's core settings, change the plugin's settings, modify the destination account of donations received via the plugin, and even retrieve Mailchimp mailing lists (which the plugin supports as a side feature).

Defiant said that every attempt to contact the plugin's developer was unsuccessful. The developer's website appears to have gone inactive around May 2018, and the plugin's CodeCanyon product listing was deactivated at about the same time, after numerous users reported that they had not received plugin updates for some time. The Total Donations zero-day received the identifier CVE-2019-6703.

Defiant said it would keep track of the ongoing attacks for any notable activity. The plugin is not expected to have a large user base because it is a commercial offering. It is, however, most likely installed on active websites with large user bases, which could afford a commercial plugin in the first place and which are also high-value targets for attackers.