Just a few days ago, security researchers made public a critical flaw in all WordPress versions, which are older than 4.9.9.
The flaw allows anyone with “author” privileges to completely gain control over a WordPress website. All WordPress versions from the last 6 years are affected.
If you are using a WordPress version, which is older than 4.9.9, you have to update to the latest version immediately so as to protect yourself from this vulnerability.
Even though the attack vector requires a profile with “author” privileges, access to such an account can be gained via multiple methods like phishing, password reuse, etc.
Once the attacker gains access to such an account, they can execute PHP code on the server, effectively taking over the whole WordPress website.
More information about this new vulnerability can be found in the original report from RIPS Technologies GmbH.
If you have any questions about how to update your WordPress website, don’t hesitate to get in touch with us.