WordPress plugin security flaw exposing 40,000 websites

CVE-2026-23550 allowing WordPress admin bypass; Vendor released fix in version 2.5.2; users urged to upgrade immediately.