WordPress · Accessally · CVE-2020-36875
**Name of the Vulnerable Software and Affected Versions**
AccessAlly versions prior to 3.3.2
**Description**
The AccessAlly WordPress plugin contains a flaw where the `login error` parameter in the Login Widget is treated as PHP code. This allows a remote attacker to execute arbitrary PHP code within the WordPress web server process, leading to potential remote code execution.
**Recommendations**
Update AccessAlly to version 3.3.2 or later.