RIPS code Security Analysis detects unknown security issues in your PHP application bundles including WordPress, Mooddle, Prestashop, Joomla and much more without false positive noise. This is More about an unpatched security flaw impacting WordPress, the Internet’s most popular content management system (CMS).RIPS experts said they have told the WordPress team about this particular vulnerability in November last year, but the WordPress Development Team have failed to release a new patch. This flaw can affect the core of the WordPress CMS and not one of its plugins or themes. More accurately, the bug was found in the PHP functions that delete thumbnails for images uploaded on a WordPress site.
That’s basically all there is to it. Update WordPress, update your plugins, and update your themes. Vulnerabilities are constantly being exposed, and automated hacks can easily take advantage of them to compromise your site.It’s also critical to check your premium plugins to ensure they are up to date. They don’t always warn you, and are typically the biggest targets. As per a study the following plugins are most likely to be compromised and most critical to update:
RIPS experts found that users who have access to the post editor — and can upload or delete images (and their thumbs)— can insert malicious code in a WordPress site that deletes crucial files part of the WordPress CMS core, something that should not be possible in any way without access to the server’s FTP. RIPS researchers warn that if an attacker manages to register even a low-level “User” account on a site and then elevate its privileges, he can exploit this vulnerability to hijack sites. They can hijack sites because the vulnerability allows attackers to delete wp-config.php, which is a site’s config file.Attackers who delete this file can re-initiate the installation process and install the site using their own database settings, effectively hijacking the site to deliver custom or malicious content….Read More