Description
WordPress Plugin pipdig Power pack (p3) contains suspicious code. Attackers can exploit this issue to perform a variety of actions: reset password, delete database, etc. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin pipdig Power pack (p3) version 4.7.3 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
https://www.wordfence.com/blog/2019/03/peculiar-php-present-in-popular-pipdig-power-pack-plugin/
https://www.jemjabella.co.uk/2019/security-alert-pipdig-insecure-ddosing-competitors/
Related Vulnerabilities
Drupal Other Vulnerability (CVE-2006-2743)
Serendipity Remote Code Execution (CVE-2020-10964)
Dolibarr Inadequate Encryption Strength Vulnerability (CVE-2017-7888)
Jenkins Improper Authentication Vulnerability (CVE-2017-1000354)
WordPress Plugin Seriously Simple Podcasting Cross-Site Request Forgery (2.16.0)