The JD Cloud Security Team has recently detected a publicly disclosed remote code execution vulnerability in WordPress. Attackers can use the vulnerability to execute arbitrary code by constructing malicious images.
The JD Cloud Security Team recommends that you carry out a security self-inspection. If you are within the affected scope, update and apply the fix promptly to avoid intrusion by external attackers.
The attacker constructs a malicious image file and uploads it through WordPress; the file is saved and then executed when WordPress processes and loads the image. Through this vulnerability, directory traversal can be used to reach the directory from which WordPress loads theme modules, malicious files can be uploaded there through the custom theme function, and the constructed code is then executed.
WordPress 4.9.8 and earlier versions
1. Update to the latest version of WordPress.
Official download link: https://wordpress.org/download/
2. Disable Author user permissions on the website if they are not needed.
JD Cloud team, 2019-02-21 09:44:12
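
A self-inspection sketch for the affected-version check above, added here as an example and not part of the JD Cloud advisory: it walks a web root, reads `$wp_version` from each `wp-includes/version.php`, and flags installs at or below 4.9.8, the scope the advisory states. The function names and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile

# Highest affected release according to the advisory above.
LAST_AFFECTED = (4, 9, 8)

# wp-includes/version.php defines the core version as: $wp_version = '4.9.8';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_wp_version(php_source):
    """Return the version as a 3-tuple of ints, or None if it is not found."""
    m = VERSION_RE.search(php_source)
    if not m:
        return None
    # Keep the leading numeric part only, so '5.1-beta2-12345' -> (5, 1, 0).
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1))
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def find_installs(root):
    """Yield (install_dir, version, in_scope) for every WordPress core under root."""
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in files:
            path = os.path.join(dirpath, "version.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_wp_version(fh.read())
            # An unparseable version is reported as in scope so it is reviewed by hand.
            in_scope = version is None or version <= LAST_AFFECTED
            yield os.path.dirname(dirpath), version, in_scope


def make_sample_tree():
    """Constructed sample: two fake installs in a temporary directory."""
    root = tempfile.mkdtemp()
    for name, ver in (("old-site", "4.9.8"), ("new-site", "5.1")):
        inc = os.path.join(root, name, "wp-includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
            fh.write("<?php\n$wp_version = '%s';\n" % ver)
    return root


if __name__ == "__main__":
    for path, version, in_scope in sorted(find_installs(make_sample_tree())):
        print(path, version, "UPDATE REQUIRED" if in_scope else "ok")
```

To inspect a real host, pass the web root to `find_installs` instead of the sample tree.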