Critical flaw in WordPress
If you haven’t already updated your WordPress to the latest version, v. 5.0.3, then it’s a great idea to be safe and start now. Your website is potentially in great danger if you wait.
On the 19th February 2019 ‘“The Hacker News”, a large IT-news company with more than 2 million followers on Facebook, reported this news.
An unnoticed security hole in WordPress was revealed in research by researchers at RIPS Technologies GmbH.
The flaw affects all releases of WordPress except for the latest version, v. 5.0.3.
The flaw is?
According to Simon Scannel, a researcher at RIPS Technologies, users in WordPress with author-rights can acquire themselves administrator rights. With this, they can take over a site, access all associated files, share them or destroy the site and its content.
In short, an author can utilize a security hole when uploading an image, which in professional terms is called a “Path Traversal vulnerability” (PTV).
Watch the video below to see how easy a person with author-rights can acquire administrative rights, by using this newfound deficiency in the system.
The attack, which also appears in the video above, can be done in seconds and give a person full control over a vulnerable WordPress blog. Simon Scannel further explains this in his blog post “WordPress 5.0.0 Remote Code Execution”.
Do you need a helping hand to update your WordPress to version 5.0.3?
Contact us at firstname.lastname@example.org, or write your information in the box below. We are always ready to engage in a non-committal conversation.
Are you interested in more security news? Read our blog about the recent leakage of passwords, ‘the Collection #2-#5.