[Vulnerability Alert] High-Risk Remote Code Execution Vulnerability in WordPress 5.0.0

2019-02-21 09:44:12
Dear user,

JD Cloud Security Team has detected a recently disclosed remote code execution vulnerability in WordPress. An attacker can use this vulnerability to execute arbitrary code by uploading a crafted malicious image.

JD Cloud Security Team recommends that you carry out a security self-inspection. If you are within the affected scope, please update and fix promptly to avoid intrusion by external attackers.

[Vulnerability Details]

An attacker uploads a crafted malicious image file and abuses the WordPress image upload and loading process so that the file is saved where it can later be executed. Through this vulnerability, directory traversal can be used to reach the theme module loading directory of WordPress, malicious files can be uploaded via a customized theme function, and the crafted code is then executed.

[Risk Level]

High Risk

[Affected Version]

WordPress 5.0.0

WordPress 4.9.8 and earlier versions

[Fix Recommendation]

1. Update to the latest version of WordPress.

Official download link: https://wordpress.org/download/

2. Disable the Author user permission on your website if it is not needed.
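For the self-inspection recommended above, the following added script (not part of JD Cloud's advisory) reads the installed WordPress version and reports whether it falls inside the affected scope listed in this alert. It assumes a local install directory whose wp-includes/version.php declares the $wp_version variable, as the file shipped with WordPress does; the install path is the only input.

```python
"""Self-check: is a WordPress install inside the advisory's affected scope?

Added example, not from the advisory. Assumes a local WordPress install
directory containing wp-includes/version.php (the file WordPress ships,
which declares the $wp_version variable).
"""
import re
import sys
from pathlib import Path

# Affected scope as stated in the advisory: 5.0.0, and 4.9.8 or earlier.
LAST_AFFECTED_4X = (4, 9, 8)
AFFECTED_EXACT = {(5, 0, 0)}


def parse_version(text: str) -> tuple:
    """Normalise '5.0' / '4.9.8' to a 3-part tuple so that 5.0 == 5.0.0."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    if not parts:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version: str) -> bool:
    """True when the version lies in the advisory's affected range."""
    v = parse_version(version)
    return v <= LAST_AFFECTED_4X or v in AFFECTED_EXACT


def extract_wp_version(php_source: str) -> str:
    """Pull the value of the $wp_version assignment out of version.php text."""
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", php_source)
    if not m:
        raise ValueError("no $wp_version assignment found in version.php")
    return m.group(1)


def check_install(install_dir: str) -> dict:
    """Report the installed version and whether it is in the affected scope."""
    src = Path(install_dir, "wp-includes", "version.php").read_text(encoding="utf-8")
    version = extract_wp_version(src)
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    for d in sys.argv[1:] or ["."]:
        r = check_install(d)
        status = "AFFECTED - update now" if r["affected"] else "not in affected scope"
        print(f"{d}: WordPress {r['version']} -> {status}")
```

Run it as `python wp_check.py /var/www/html` (path is an example); a 4.9.9 or 5.0.1 install reports as outside the scope because those releases are not listed as affected here.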

Reference Link:

https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/



JD Cloud team
