Warning: Dangerous security hole in the WordPress platform lets hackers take control of websites
According to experts at the network security company CyStack, a dangerous vulnerability exists in the post deletion function of all versions of WordPress, a popular website building platform.
Hackers can exploit the vulnerability by sending a deletion request to insert malicious code and delete files on the server, hijacking the website.
Specifically, when a post is deleted, the thumb file corresponding to that post (its name is sent in a POST variable of the HTTP request) is also deleted if it exists. Since the file deletion does not go through any security checks, hackers can delete any file in the website's hosting folder by changing the post's thumb value. This can cause enormous damage to a website: if the data is not backed up, the website may lose it permanently.
Even the latest version of WordPress, 4.9.6, has this security hole, and WordPress has not yet released a patch to fix it.
As recommended by security experts, site administrators should apply a hot fix for the vulnerability to avoid becoming victims of hackers, as follows:
- Review the list of users and administrators of the website.
- Perform a full backup of the website data.
- Apply the researchers' hotfix to prevent users from deleting files.
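
The kind of check the deletion step lacks, as an added example (not WordPress code and not the researchers' hotfix). The helper `confined_thumb_path` is hypothetical and assumes a thumbnail is stored in the same directory as its attachment; the directory layout and the `thumb` values are constructed for the demonstration.

```php
<?php
// Added example: hypothetical helper, not WordPress core and not the researchers' hotfix.
// Returns the real path of a thumbnail only when $thumb is a bare file name
// that resolves to a regular file inside the attachment's own directory.
function confined_thumb_path(string $attachmentDir, string $thumb): ?string
{
    // Assumption: a thumbnail sits beside its attachment, so anything other
    // than a plain file name (separators, "..", NUL bytes) is rejected outright.
    if ($thumb === '' || strpos($thumb, "\0") !== false
        || $thumb !== basename($thumb) || $thumb === '.' || $thumb === '..') {
        return null;
    }
    $base = realpath($attachmentDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks, so a link pointing out of the directory
    // fails the prefix comparison below.
    $path = realpath($base . DIRECTORY_SEPARATOR . $thumb);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed sandbox: a site root with a config file and one uploaded thumbnail.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'thumb-demo-' . bin2hex(random_bytes(4));
$uploads = $root . '/wp-content/uploads/2018/06';
mkdir($uploads, 0700, true);
file_put_contents($root . '/wp-config.php', 'constructed config');
file_put_contents($uploads . '/photo-150x150.jpg', 'constructed thumbnail');

// Constructed 'thumb' values: the first is legitimate, the rest have been altered.
$samples = ['photo-150x150.jpg', '../../../../wp-config.php', $root . '/wp-config.php', 'missing.jpg', ''];
foreach ($samples as $thumb) {
    $path = confined_thumb_path($uploads, $thumb);
    if ($path !== null) {
        unlink($path); // only reached for a file confined to the upload directory
    }
    printf("%-45s %s\n", var_export($thumb, true), $path !== null ? 'deleted' : 'refused');
}
// Report whether the file outside the upload directory is still present.
var_dump(file_exists($root . '/wp-config.php'));
```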
Shared by Micah Soto