WordPress Patches 3-Year-Old High-Severity RCE Bug

guest · Oct 31, 2020

WordPress Patches 3-Year-Old High-Severity RCE Bug
October 30, 2020
https://threatpost.com/wordpress-patches-rce-bug/160812/

WordPress released a 5.5.2 update to its ubiquitous web publishing software platform. The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack.

In all, the WordPress Security and Maintenance Release tackled 10 security bugs and also brought a bevy of feature enhancements to the platform. WordPress said the update was a “short-cycle security and maintenance release” before the next major release version 5.6. With the update, all versions since WordPress 3.7 will also be current.
Click to expand...

Of the ten security bugs patched by WordPress a standout flaw, rated high-severity, could be exploited to allow an unauthenticated attacker to execute remote code on systems hosting the vulnerable website.

“The vulnerability allows a remote attacker to compromise the affected website,” WordPress wrote in its bulletin posted Friday. “The vulnerability exists due to improper management of internal resources within the application, which can turn a denial of service attack into a remote code execution issue.”
Click to expand...

Wordpress: WordPress 5.5.2 Security and Maintenance Release

This security and maintenance release features 14 bug fixes in addition to 10 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
Click to expand...

Log in or Sign up

WordPress Patches 3-Year-Old High-Severity RCE Bug

guest Guest

Log in or Sign up

WordPress Patches 3-Year-Old High-Severity RCE Bug

guest Guest

Useful Searches