Hackers Target WordPress Database Plugin Active on One Million Sites

The vulnerability, tracked as CVE-2023-6933, allows unauthenticated attackers to inject a PHP object, potentially leading to code execution, data access, file manipulation, or denial of service.