Wordpress - admin account for an attacker!

If you use Wordpress for your website, make sure you have at least 5.1.1 version - the version number is on all pages in the administration at the bottom right or on the Dashboard in the “At a glance” box. If your Wordpress is older, update to the latest version .

Simon Scannell on the RIPS Technologies GmbH blog described a vulnerability that allows an attacker to gain administrator access by inserting malicious code into a comment and trick an administrator to visit a website set up by the attacker to take complete control of your presentation (comments are enabled in Wordpress for posts by default).