WordPress flaw allows contributors to destroy a site or take over control
There is a WordPress flaw in all current versions that can result in the entire website being destroyed or compromised by anyone with the authority to post content. Since this flaw has not yet been corrected, I will not elaborate further. For now, if you are a site administrator, verify that all authorized contributors are trusted and will not pose a threat to your site.
The simplest way to lock out a contributor you cannot vouch for, without actually removing the user, is to reset the password and change the user’s email address, which prevents them from resetting the password themselves.
This change should be made by your WordPress website administrator. If you don’t have a WordPress website administrator, you may contact me.
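One way an administrator could script the change described above with WP-CLI, as an added example that is not part of the original post. It assumes WP-CLI is installed as `wp` and run from the site root; the function names and the placeholder address are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Assumes WP-CLI is installed as
# `wp` and is run from the site root. Function names are hypothetical.

# Constructed placeholder; use a domain whose mail the user cannot read.
PLACEHOLDER_DOMAIN="example.com"

# WordPress requires unique e-mail addresses, so derive one per user ID.
placeholder_email() {
  printf 'locked-user-%s@%s\n' "$1" "$PLACEHOLDER_DOMAIN"
}

# Throwaway 40-character password that is never displayed or stored.
random_password() {
  head -c 64 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-40
}

# Reset password and e-mail for one user, then end their logged-in sessions.
lock_out_user() {
  local id="$1"
  # --skip-email: otherwise WordPress mails a change notice to the old address.
  wp user update "$id" \
    --user_pass="$(random_password)" \
    --user_email="$(placeholder_email "$id")" \
    --skip-email || return 1
  wp user session destroy "$id" --all
}

# Lock every account in a role except the IDs listed as trusted.
# Usage: lock_out_untrusted <role> [trusted-id ...]; prints the number locked.
lock_out_untrusted() {
  local role="$1"
  shift
  local trusted=" $* "
  local id
  local locked=0
  for id in $(wp user list --role="$role" --field=ID); do
    case "$trusted" in *" $id "*) continue ;; esac
    if lock_out_user "$id"; then locked=$((locked + 1)); fi
  done
  echo "$locked"
}

# Example: lock_out_untrusted contributor 12 27   # keeps users 12 and 27
```

The account and its posts stay in place, so access can be restored later by setting a real email address and a new password.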
UPDATE: On July 5th, WordPress released an update to address this issue. Most WordPress installations will automatically install this update, but if yours does not, please ensure you allow this update to be applied.
Jack Eisenberg is the owner of Safe and Secure Computing and regularly monitors cyber security developments such as this one.