Warning: Dangerous security holes in Wordpress platform, hackers can take advantage to take control of the website
According to the experts at CyStack network security company, a dangerous vulnerability exists in the function of deleting posts of all Wordpress versions, a popular website building platform.
Hackers can take advantage of sending a request to remove the vulnerability to insert malicious code and delete files on the server, hijacking the website.
Specifically, when doing deletion, the thumb file (information posted on the post variable in the HTTP packet) corresponding to that post will also be deleted if it exists. Since deleting files does not go through security checks, hackers can delete any files on the hosting folder of the website by changing the value of the thumb of the article. This can cause enormous damage to websites, if the data is not backed up, it may cause the website to lose data permanently.
Even the latest version of Wordpress is 4.9.6, there is also this security hole and currently wordpress has not released any patch to fix.
As recommended by security experts, site administrators need to make hot fixes to the vulnerability to avoid becoming a victim of hackers in the following way:
- Review the list of users and administrators of the website.
- Perform full backup of website data.
- Apply the researchers' Hotfix to prevent deleting files from users.
See more:
- 10 most popular WordPress errors and how to fix them
- How to fix White Screen of Death error in WordPress
- Guide to turning Blogger into WordPress does not worry about losing Google rankings
You should read it
- How to delete posts posted on WordPress
- How to add new posts on WordPress
- 5 mistakes everyone mistakenly thinks about WordPress
- Find security holes on every site with Nikto
- Facebook error allows anyone to delete your photo
- Which platform is better for WordPress.com and WordPress.org?
- The Mail app on iOS has serious vulnerabilities
- WordPress plugins with more than 300,000 pages that use vulnerabilities are vulnerable to SQL Injection attacks
- How to import images from external sources into WordPress
- Microsoft expert discovered a series of serious code execution errors in IoT, OT devices
- Why is WordPress free?
- Squarespace and WordPress - Which one is better?
Maybe you are interested
Top 5 best free online video editing websites
How to delete specific websites from Firefox history
YTMD - Alternative App to YouTube Music Website
The 'Do Not Track' Feature Is Practically Useless: Take These Measures to Stop Websites From Tracking You!
15 safe software and application download websites for Windows
Top 6 best free poster creation websites 2024