Independent security researcher Dawid Golunski has released proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 (CVE-2016-10033), and information about an unauthorized password reset zero-day vulnerability (CVE-2017-8295) in the latest version of the popular CMS.

CVE-2016-10033

The vulnerability exists in the PHPMailer library, and can be exploited by unauthenticated remote attackers to gain access to and compromise a target application server on which a vulnerable WordPress Core version is installed (in its default configuration). No plugins or non-standard settings are required to exploit the vulnerability, Golunski noted.
Source: WordPress admins, take note: RCE and password reset vulnerabilities revealed – Help Net Security