WordPress Patches 3-Year-Old High-Severity RCE Bug
2020-10-30 20:56

The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack.

Of the ten security bugs patched by WordPress, a standout flaw, rated high-severity, could be exploited to allow an unauthenticated attacker to execute remote code on systems hosting the vulnerable website.

"The vulnerability allows a remote attacker to compromise the affected website," WordPress wrote in its bulletin posted Friday.

A successful attack lets a remote attacker steal sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks, according to WordPress.

Because WordPress insufficiently sanitizes user-supplied data sent to an affected website, the security release said, a remote attacker "can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website."


News URL

https://threatpost.com/wordpress-patches-rce-bug/160812/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 95 44 18 159