WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution vulnerability

Software: WordPress
Versions: 3.7-4.9.8, 5.0
Disclosure date: 2019-02-28
CVE: CVE-2019-8942
Classification: Arbitrary File Download
OWASP Top 10: A1: Injection

Details

Authenticated Code Execution vulnerability found by Simon Scannell (RIPS Technologies) in WordPress (versions 3.7-5.0, except 4.9.9).

Solution

Update WordPress to the latest available version (at least 5.0.1 or 4.9.9).
