New WordPress vulnerabilities have been discovered by experts and require all WordPress webmasters to update immediately. Keep the latest version 5.1.1 (WordPress 5.1.1) to avoid hacking websites.
Researcher from RIPS Technologies GmbH, Simon Scannell, discovered this new flaw in WordPress Content Management Software (CMS). Allow hackers to attack remotely by executing code (remote code execution) to hack your website.
This vulnerability arises from a cross-site request forgery (CSRF) in the comment section of an existing WordPress application, and this vulnerability exists on WordPress versions. Before all. The expert points out that the new vulnerability allows an attacker to remotely execute code on a website. Using WordPress.
According to Simon Scannell on The Hacker News, hackers can take full control of WordPress 5.1.1 websites. Just enter the XSS code that can modify the WordPress template directly to install PHP backdoor.
Simon reported the issue in October 2018.
However, WordPress experts have been trying to solve this problem until the latest stable version was released last year. Last Wednesday was version 5.1.1 to fix this vulnerability.
So if you have not yet updated your WordPress website, please hurry to update your website to version 5.1.1. Go immediately.