The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.
On any website where flo-launch is active create cookie "flo_custom_table_prefix" with any string value to initiate new WordPress instance setup.
Complete setup and login as admin.
2022-03-29 (about 8 months ago)
2022-04-11 (about 8 months ago)