WordPress – admin account for an attacker!

If you use WordPress for your website, make sure you are running at least version 5.1.1 – the version number is shown at the bottom right of every page in the administration, and on the Dashboard in the “At a glance” box. If your WordPress is older, update to the latest version.

Simon Scannell, writing on the RIPS Technologies GmbH blog, described a vulnerability that allows an attacker to gain administrator access: the attacker inserts malicious code into a comment and tricks an administrator into visiting a website the attacker has set up, which lets the attacker take complete control of your site (comments are enabled for posts in WordPress by default).
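If you look after several sites, checking each Dashboard by hand is slow. The script below is an added example, not code from WordPress or RIPS: it finds installs under a directory and compares each one with the 5.1.1 minimum above, assuming the standard layout where `wp-includes/version.php` sets `$wp_version`. The function names and the demo tree are made up for the example.

```shell
#!/bin/sh
# Added example: flag WordPress installs older than the 5.1.1 minimum.
MIN_VERSION="5.1.1"

# Print the $wp_version string from <install>/wp-includes/version.php.
wp_version_of() {
    sed -n "s/^[\$]wp_version[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Return 0 if version $1 >= $2. Fields are compared numerically, a missing
# field counts as 0 (so "5.1" < "5.1.1"), and a "-beta1"/"-RC1" suffix is ignored.
version_ge() {
    a="${1%%-*}.0.0"; b="${2%%-*}.0.0"
    for i in 1 2 3; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Report every install found below directory $1 as OK or UPDATE.
audit_wp_root() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while read -r f; do
        dir=${f%/wp-includes/version.php}
        v=$(wp_version_of "$dir")
        if version_ge "$v" "$MIN_VERSION"; then
            printf 'OK      %s %s\n' "$v" "$dir"
        else
            printf 'UPDATE  %s %s\n' "${v:-unknown}" "$dir"
        fi
    done
}

if [ "$#" -gt 0 ]; then
    audit_wp_root "$1"
else
    # No argument: audit a constructed demo tree with two fake installs.
    demo=$(mktemp -d)
    for dv in 5.1 5.1.1; do
        mkdir -p "$demo/site-$dv/wp-includes"
        printf "<?php\n\$wp_version = '%s';\n" "$dv" \
            > "$demo/site-$dv/wp-includes/version.php"
    done
    audit_wp_root "$demo"
    rm -rf "$demo"
fi
```

Pass the directory that holds your sites as the only argument; every line marked `UPDATE` is an install that still needs updating.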