
Wednesday, June 27, 2018

Researchers discover a flaw in the WordPress core


According to the researchers, the WordPress team was informed almost eight months ago of a flaw that could affect the CMS, which, let's remember, is the most popular content management system on the internet. The researchers detected the flaw with RIPS, a static code analysis tool that automatically detects vulnerabilities in PHP applications. The vulnerability affects the core of the WordPress CMS, specifically the PHP functions. This is a very big problem because PHP is one of the most popular and accessible programming languages. In fact, most beginners in programming start with PHP.

The vulnerability allows a malicious user to insert malicious code into a WordPress site and makes it possible to delete any file in the WordPress installation, as well as any other file on the server that the user running the PHP process has permission to delete. Even the following files can be deleted: .htaccess, index.php and wp-config.php. This should not, in principle, be possible. Given such a perilous situation, it is all the more curious that the WordPress team has visibly done nothing. This type of incident seems to have recurred in recent years. Recall that early this year, a flaw in WordPress made it possible to take sites out of service with a simple workstation.
The WordPress team does not seem to have provided any fix for this vulnerability, which affects all versions of the famous content manager, including version 4.9.6, the current version. However, a certain level of access is needed to exploit this flaw. This could explain why the WordPress team does not seem to care much about this flaw, which it may consider to carry no major risk. However, the researchers explain that any user who can register even a low-level user account on a site and elevate their privileges can exploit this vulnerability to compromise a WordPress site.
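
Because the impact is bounded by what the PHP process user is allowed to delete, a site owner can measure that exposure directly. The following Python audit is an added example, not code from the researchers or from WordPress: the function names are hypothetical, and it assumes plain POSIX mode bits (no ACLs or immutable flags).

```python
import os
import stat
import sys

# Files the article names as deletable through the flaw.
CRITICAL = (".htaccess", "index.php", "wp-config.php")

def can_unlink(path, uid, gids):
    """True if the account (uid, gids) may delete `path` under POSIX mode bits.

    Deletion is governed by the parent directory, not the file itself: the
    account needs write + search (w+x) there. ACLs and immutable flags are
    ignored (assumption of this example).
    """
    if uid == 0:
        return True  # root bypasses mode bits
    parent = os.path.dirname(os.path.abspath(path))
    d = os.stat(parent)
    if uid == d.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif d.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if d.st_mode & need != need:
        return False
    # Sticky directory: only the owner of the file or of the directory may delete.
    if d.st_mode & stat.S_ISVTX:
        return uid in (os.lstat(path).st_uid, d.st_uid)
    return True

def audit(wp_root, uid, gids):
    """Return the critical files under wp_root that the account could delete."""
    found = []
    for name in CRITICAL:
        path = os.path.join(wp_root, name)
        if os.path.lexists(path) and can_unlink(path, uid, gids):
            found.append(name)
    return found

if __name__ == "__main__":
    # Run as the PHP process user to audit that account against a WordPress root.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    groups = set(os.getgroups()) | {os.getegid()}
    for name in audit(root, os.geteuid(), groups):
        print(f"deletable by uid {os.geteuid()}: {os.path.join(root, name)}")
```

A read-only `wp-config.php` is still reported when its directory is writable, because removing a file is a change to the directory rather than to the file.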
