The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.
On any website where flo-launch is active create cookie "flo_custom_table_prefix" with any string value to initiate new WordPress instance setup. Complete setup and login as admin.
Daniel Ruf
Daniel Ruf
Yes
2022-03-29 (about 3 months ago)
2022-03-29 (about 3 months ago)
2022-04-11 (about 2 months ago)