A vulnerability for the very popular AMP for WP WordPress plugin with a 100 thousand active installations was discovered that allows any registered users to escalate their privileges to gain administrative access to the site. […]

from https://www.bleepingcomputer.com/news/security/vulnerability-in-amp-for-wp-plugin-allowed-admin-access-to-wordpress/