A high-severity vulnerability has been discovered in a popular premium WordPress plugin, allowing threat actors to access, or exfiltrate, sensitive data without authentication.