DEV Community

Cover image for WordPress Patches Critical Unauthenticated Remote Code Execution Chain
BeyondMachines for BeyondMachines

Posted on • Originally published at beyondmachines.net

WordPress Patches Critical Unauthenticated Remote Code Execution Chain

Summary

WordPress released emergency patches for two vulnerabilities, including a critical RCE flaw in the REST API and a high-severity SQL injection. Attackers can chain these bugs to take full control of websites without needing login credentials.

Take Action:

If you run a WordPress site, update immediately to version 6.8.6, 6.9.5, or 7.0.2. Don't rely on automatic updates alone - manually check your WordPress version to confirm the patch is applied. If you use Cloudflare or Wordfence Premium, you're already protected against these attacks while you patch.


Read the full article on BeyondMachines


This article was originally published on BeyondMachines

Top comments (0)