News 1 — Attackers

Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site

Attackers full control of site Unpatched WordPress Flaw

Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site

Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site Last week we received a tip about an unpatched vulnerability in the WordPress core, which could allow a low-privileged user to hijack the whole site and execute arbitrary code on the server. Discovered by researchers at RIPS Technologies GmbH, the "authenticated arbitrary file deletion" vulnerability was reported 7 months ago to the WordPress security team but remains unpatched and affects all versions of WordPress, including the current 4.9.6. The vulnerability resides in one of the core functions of WordPress that runs in the background when a user permanently deletes thumbnail...

Read more →