Security News > 2019 > March > Don't be a WordPress RCE-hole and patch up this XSS vuln, pronto

Don't be a WordPress RCE-hole and patch up this XSS vuln, pronto

2019-03-14 18:02

Not on 5.1.1? You should be A newly revealed vuln in the open-source CMS WordPress allows an unauthenticated website attacker to remotely execute code – potentially letting naughty folk delete or edit blog posts.…

News URL

http://go.theregister.com/feed/www.theregister.co.uk/2019/03/14/wordpress_rce_vuln_v_5_1_0_previous/

#patch #RCE #wordpress #XSS

Related news

'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
VMware fixes bad patch for critical vCenter Server RCE flaw (source)
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		7	2	95	44	18	159

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.