WordPress Quietly Fixes Serious Security Flaw

  /     /     /  
Publicated : 22/11/2024   Category : security


WordPress Quietly Fixes Serious Security Flaw


Wordpress admits delaying its disclosure of a vulnerability that would let attackers modify users posts or pages.



In a recent security update, WordPress quietly fixed a serious code injection vulnerability in its CMS that could allow an unauthorized attacker to alter a post or page and remotely execute code, ZDNet reports. WordPress clarifies that public disclosure of this discovery was delayed by a week, as it sought time to run automatic updates to patch the vulnerability and protect users from exploits.
The bug, discovered by security firm Sucuri, was located in the REST API in Wordpress 4.7.
Aaron Campbell of WordPress further explains that since there was no indication of any exploits in the data collected from the four WAFs and WordPress hosts, public disclosure was delayed until the bug was patched. However, the CMS hosts and firewall providers, including CloudFlare, SiteLock, Incapsula and Sucuri, were kept in the loop to provide protection from exploit bids.
Hosts worked closely with the security team to implement protections and regularly checked for exploit attempts against their users, adds Campbell.
Read more on 
ZDNet
.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
WordPress Quietly Fixes Serious Security Flaw