We hereby advise all customers who have a site on the WordPress platform to update to the latest available version as soon as possible.
More technical details are available at the link below:
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
Important announcement:
Just a few days ago, security researchers made public a critical flaw in all WordPress versions older than 4.9.9.
The flaw allows anyone with “author” privileges to gain complete control over a WordPress website. All WordPress versions from the last 6 years are affected.
If you are using a WordPress version older than 4.9.9, you have to update to the latest version immediately to protect yourself from this vulnerability.
Even though the attack vector requires a profile with “author” privileges, access to such an account can be gained via multiple methods like phishing, password reuse, etc.
Once the attacker gains access to such an account, they can execute PHP code on the server, effectively taking over the whole WordPress website.
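To find which sites still need the update, the following added example (not part of the original announcement) walks a directory tree, reads each install's `wp-includes/version.php` and flags versions older than 4.9.9. The function names and the sample tree are constructed for illustration, and pre-release suffixes such as `-beta1` are ignored when comparing.

```python
import os
import re
import tempfile

FIXED = (4, 9, 9)  # threshold stated in the announcement
# WordPress core stores its version in wp-includes/version.php: $wp_version = '4.9.8';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def parse_version(text):
    """'4.9' -> (4, 9, 0); '5.0.3' -> (5, 0, 3). Suffixes like '-beta1' are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(p or 0) for p in m.groups()) if m else None

def read_wp_version(path):
    """Return the raw $wp_version string from a version.php file, or None."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            m = VERSION_RE.search(fh.read())
    except OSError:
        return None
    return m.group(1) if m else None

def audit(root):
    """Find WordPress installs under root; return sorted (site_dir, version, status)."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) != "wp-includes" or "version.php" not in filenames:
            continue
        raw = read_wp_version(os.path.join(dirpath, "version.php"))
        parsed = parse_version(raw)
        status = "unknown" if parsed is None else ("update" if parsed < FIXED else "ok")
        results.append((os.path.dirname(dirpath), raw, status))
        dirnames[:] = []  # nothing else to find below wp-includes
    return sorted(results, key=lambda r: r[0])

def make_sample_tree(root, versions):
    """Build constructed sample installs: {site_name: version string}."""
    for site, ver in versions.items():
        inc = os.path.join(root, site, "wp-includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "version.php"), "w") as fh:
            fh.write("<?php\n$wp_version = '%s';\n" % ver)

if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed sample data, not real sites
    make_sample_tree(root, {"shop": "4.9.8", "blog": "5.0.3", "old": "4.7"})
    for site, ver, status in audit(root):
        print(f"{status:8} {ver or '?':10} {site}")
```

To audit real sites, call `audit()` with the directory that contains the customer document roots instead of the sample tree.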