Recently a security hole was found in the latest version of WordPress, version 5.2.3.
Attack script
- This attack can bypass a simple WAF (Web Application Firewall) to access restricted content on the web server, such as phpMyAdmin.
- This attack could compromise your WordPress site with content from the default vhost.
Solution
- Set security headers on the web server and set Cache-Control to no-cache
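To check whether a response already follows this advice, the added example below (not part of the original post) audits a raw response head for a no-cache Cache-Control policy and for security headers. The `REQUIRED` header set is an assumption, since the post does not name specific headers, and both sample responses are constructed.

```python
from email.parser import Parser

# Assumed header set: the article names no specific security headers.
REQUIRED = ("x-content-type-options", "x-frame-options",
            "strict-transport-security", "content-security-policy")

def parse_headers(raw):
    """Split a raw HTTP response head into (status_line, {name: [values]})."""
    status, _, rest = raw.lstrip().partition("\n")
    headers = {}
    for name, value in Parser().parsestr(rest, headersonly=True).items():
        headers.setdefault(name.lower(), []).append(value.strip())
    return status.strip(), headers

def cache_directives(headers):
    """Merge every Cache-Control line into one set of lowercase directive names."""
    out = set()
    for line in headers.get("cache-control", []):
        out.update(p.strip().split("=", 1)[0].lower()
                   for p in line.split(",") if p.strip())
    return out

def audit(raw):
    """Return a sorted list of findings; an empty list means the policy is met."""
    _, headers = parse_headers(raw)
    directives = cache_directives(headers)
    findings = []
    if not directives & {"no-cache", "no-store"}:
        findings.append("cache-control: no-cache/no-store missing")
    if "public" in directives:
        findings.append("cache-control: 'public' allows shared caching")
    findings += [f"missing header: {h}" for h in REQUIRED if h not in headers]
    return sorted(findings)

# Constructed sample responses (not captured from a real site).
WEAK = """HTTP/1.1 200 OK
Cache-Control: public, max-age=3600
"""
HARDENED = """HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'
"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(raw) or "OK")
```
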
WordPress has not released any update for this vulnerability, and the PoC (exploit tool) has been spread publicly on the network. You therefore need to check and harden the security of your website and back up your data regularly to avoid unfortunate cases.
- Instructions for using the .htaccess file to enhance the security of a WordPress website
- Some configuration settings in wp-config help improve WordPress security
The post Warning: Wordpress security vulnerability 5.2.3 - Remote Cross Site Host Modification appeared first on HOSTVN Blog.