A recently disclosed WordPress vulnerability came as a massive shock to some WordPress community members. The shock was not the vulnerability itself: some users were shocked by the fact that it had already been reported to the WordPress Security team about seven months ago. Let’s analyze everything step by step.
Disclosed WordPress vulnerability
First of all, relax. I can say that most WordPress sites are not affected by this vulnerability. Exploiting it requires certain conditions: an attacker must have sufficient rights to edit and delete media files (for example, the “author” role or any custom role with the previously mentioned rights). There are several possible ways to affect site security by exploiting this vulnerability.