Improper Certificate Validation
WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI itself. The vulnerability …