Linked: Critical WordPress Plugin Bug Allows Admin Logins Without Password
It’s been patched, so if you’re behind on your WordPress plugin upgrades, get with it.
“A critical authentication bypass vulnerability allows anyone to log in as an administrator user on WordPress sites running an affected version of the InfiniteWP Client because of logical mistakes in the code.”
One of the challenges of hosting your own WordPress site is updates. I’ve learned this the hard way years ago by leaving an old install laying around without keeping it updated. It’s sort of an open invitation for hackers to take over a site using known vulnerabilities.
This one seems easy enough to fix, so get the update before someone uses that vulnerability against you.