Critical Security Flaw in WordPress Plugin Allows RCE