WP Ghost plugin vulnerabilities require immediate updates

techradar.com

A popular WordPress security plugin, WP Ghost, has a serious security flaw that users need to fix immediately. The vulnerability allows attackers to execute harmful code and potentially take over websites. The flaw affects all versions of WP Ghost up to 5.4.01. Users are strongly advised to update to the latest version, 5.4.02.

Researchers from Patchstack discovered that the problem is linked to a type of vulnerability known as Local File Inclusion, which can let attackers run unauthorized code. This issue is now classified as CVE-2025-26909 and has a high severity rating of 9.6 out of 10. The developers have patched the vulnerability by adding extra checks on user inputs.

WP Ghost is widely used, with over 200,000 installations. It claims to prevent around 140,000 attacks and over nine million brute-force attempts every month. The plugin also defends against various types of cyber threats. Experts emphasize the importance of keeping WordPress plugins updated, as many can be vulnerable to attacks. Users should carefully select their plugins and always ensure they are using the latest versions to maintain security.


With a significance score of 2.4, this news ranks in the top 33% of today's 14162 analyzed articles.
