Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Warning: Dangerous security holes in Wordpress platform, hackers can take advantage to take control of the website
According to the experts at CyStack network security company, a dangerous vulnerability exists in the function of deleting posts of all Wordpress versions, a popular website building platform.
Hackers can take advantage of sending a request to remove the vulnerability to insert malicious code and delete files on the server, hijacking the website.
Specifically, when doing deletion, the thumb file (information posted on the post variable in the HTTP packet) corresponding to that post will also be deleted if it exists. Since deleting files does not go through security checks, hackers can delete any files on the hosting folder of the website by changing the value of the thumb of the article. This can cause enormous damage to websites, if the data is not backed up, it may cause the website to lose data permanently.
Even the latest version of Wordpress is 4.9.6, there is also this security hole and currently wordpress has not released any patch to fix.
As recommended by security experts, site administrators need to make hot fixes to the vulnerability to avoid becoming a victim of hackers in the following way:
- Review the list of users and administrators of the website.
- Perform full backup of website data.
- Apply the researchers' Hotfix to prevent deleting files from users.
See more:
- 10 most popular WordPress errors and how to fix them
- How to fix White Screen of Death error in WordPress
- Guide to turning Blogger into WordPress does not worry about losing Google rankings
Micah SotoYou should read it
- 5 mistakes everyone mistakenly thinks about WordPress
- Find security holes on every site with Nikto
- Facebook error allows anyone to delete your photo
- Which platform is better for WordPress.com and WordPress.org?
- The Mail app on iOS has serious vulnerabilities
- WordPress plugins with more than 300,000 pages that use vulnerabilities are vulnerable to SQL Injection attacks
- How to import images from external sources into WordPress
- Microsoft expert discovered a series of serious code execution errors in IoT, OT devices
May be interested
- Patches of dangerous vulnerabilities being exploited by hackers contain dangerous holes and then continue to be exploited by hackers
not long after the log4j vulnerability was discovered, the patch was released. however, the irony is that this patch has holes. - Squarespace and WordPress - Which one is better?this article will compare squarespace and wordpress, listing the advantages and disadvantages of each platform. hopefully, after this comparison, you can choose which platform is more suitable to use.
- Assign SSL security mechanism to WordPress blogone of the most important issues when we operate, work or play on the internet is security. whether you are at home, work, library or public access point, the surroundings are always full of disasters from malware, keylogger programs, hackers ...
- Three critical holes in Linksys routers, hackers can take advantage of hijackinglinksys e series routers can get three vulnerabilities that help hackers gain control.
- 'Backdoor' plugin, WordPress 3.2 RC2 launchesa series of popular plug-ins for wordpress are found to contain 'backdoor' in the source code, which can help hackers gain access and hijack the blog / website.
- Put Google+ on Wordpressintegrating google+ into your wordpress website or blog will increase visitor interaction and help reach the 20 million existing users of this social network. some of the following little tricks will help put google+ on wordpress.
- Enhance Wordpress security with Plug-inwordpress is the most popular blogging platform in the world today and is also used by vietnamese bloggers to customize their personal blogs instead of using available blog services. some of the following plug-ins will help strengthen wordpress security.
- Instructions for creating websites with WordPress from A to Z (Part 1)although wordpress and other content management systems make creating a new website much easier than before, it is still not a simple task, especially for those who do not have any any knowledge about programming. there are many things to note even for experienced developers that can easily forget some important things.
- Why is WordPress free?today's article will discuss why wordpress is free, the cost of running a wordpress website and what users get from a wordpress site?
- Detect 2 serious security holes in the Zoom applicationrecently, cisco talos security researchers have discovered two serious security holes in the zoom application. these vulnerabilities allow hackers to attack and infiltrate the computers of people in the group chat.
Technology story
- Unique case self-inflated when falling like an airbag to protect iPhone when colliding
- Unable to handle the 'dead blue screen', Microsoft stopped supporting Windows 7 running on some outdated CPUs
- Chance to join Google Indie Games Accelerator, the program to create 'blockbuster' mobile game for Vietnamese developers
- Samsung only allows users to delay software updates up to 10 times
- Smartphone with 9 cameras coming soon
- Microsoft claims Edge overcomes Chrome and Firefox, becoming the world's best browser
Unique case self-inflated when falling like an airbag to protect iPhone when colliding
Unable to handle the 'dead blue screen', Microsoft stopped supporting Windows 7 running on some outdated CPUs
Chance to join Google Indie Games Accelerator, the program to create 'blockbuster' mobile game for Vietnamese developers
Samsung only allows users to delay software updates up to 10 times
Smartphone with 9 cameras coming soon
Microsoft claims Edge overcomes Chrome and Firefox, becoming the world's best browser