A significant vulnerability in the SecuPress Free WordPress plugin (versions ≤ 2.3.9) allows any authenticated subscriber to install arbitrary plugins, bypassing WordPress’s permissions. This paves the way for privilege escalation and malware installation. Discover how to defend against this flaw and strengthen your site’s security with updates and tools like WP-Firewall.