Time to update WordPress
If your website doesn’t have the latest version of WordPress 5.0.3, than you need to update right now.
A critical remote code execution vulnerability has been found that affects every previous version of WordPress released in the past 6 years.
This vulnerability can be exploited by any one with an ‘author’ account. This could be exploited by an attacker who gains author’s credentials by using password reuse, phishing, or other attacks as well.
An attacker gaining author status can lead to a full remote takeover, according to Simon Scannell, a researcher at RIPS Technologies GmbH.
This flaw takes advantage of the way WordPress image management system handles Post Meta entries used to store description, size, creator, and other meta information of uploaded images.
Thus leading to photos being changed, or links being added to them; leading to the Path Traversal vulnerability.
This could allow the attacker to execute arbitrary code on the targeted server.
Scannell confirmed that the next release of WordPress would include a fix to completely address the issue.
Tired of paying to much for your Managed Services?
Why not give our Essential packages a look! We have exactly what every type of business needs.