Summary
WordPress released emergency patches for two vulnerabilities, including a critical RCE flaw in the REST API and a high-severity SQL injection. Attackers can chain these bugs to take full control of websites without needing login credentials.
Take Action:
If you run a WordPress site, update immediately to version 6.8.6, 6.9.5, or 7.0.2. Don't rely on automatic updates alone - manually check your WordPress version to confirm the patch is applied. If you use Cloudflare or Wordfence Premium, you're already protected against these attacks while you patch.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)