The maximum-severity vulnerability, which hasn’t been exploited in the wild yet, affects software customers use to manage networking devices.

The bug appears in WordPress instances prior to version 4.9.9 and was exploitable for as long as six years, the RIPS Technologies researchers said.