Security vulnerabilities in WPUmbrella (1)
Possible site takeover through stolen API credentials in combination with SQLi – (WPUmbrella <= 2.10.0)
WPUmbrella’s remote application relies on a local companion plugin installed on the WordPress site to perform its functionality. Communication between the remote WPUmbrella application and the WordPress site is secured with a shared secret that is stored as plaintext in the WordPress options table. An attacker who can read the plaintext value can fully impersonate WPUmbrella’s remote application and perform all actions,…