However, there’s both good news and bad news for WordPress administrators. The silver lining, as highlighted by BleepingComputer, is that the vulnerable extension should only be active during migration processes, minimizing its threat potential during regular operations.
Regrettably, the researchers uncovered this perilous code in several other extensions from the same manufacturer. These include the Box extension, Google Drive extension, OneDrive extension, and Dropbox extension.
