400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin 

400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin 

SecurityVendor
Yanac

On February 4th, 2026, we received a submission for an SQL Injection vulnerability in Ally, a WordPress plugin estimated to have more than 400,000 active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes.
The post 400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin appeared first on Wordfence.WordfenceRead More