Description
WordPress Plugin Simply Show Hooks contains malicous code. Exploiting this issue may allow an attacker to create a new administrative user account, thus compromising the affected application, and possibly the webserver or computer. WordPress Plugin Simply Show Hooks version 1.2.1 is affected; prior versions may also be affected.
Remediation
Disable and remove the plugin until a fix is available
References
Related Vulnerabilities
WordPress Plugin WTI Like Post SQL Injection (1.4.2)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4043)
Joomla! Core 3.x.x Local File Inclusion (3.0.0 - 3.9.25)
Contao CVE-2018-20028 Vulnerability (CVE-2018-20028)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-9064)