Critical WordPress plugin vulnerability allowed attackers to wipe database

It is worth noting that any authenticated user can exploit this vulnerability whether they are authorized or not and wipe all tables stored in a WordPress installation database to restart the WordPress installation process. The exploitation requires the attacker to pass a query parameter such as “%%wp” to delete all the tables with the prefix wp.

Read full article on HackRead

 


Date:

Categorie(s):