According to RIPS Technologies, WordPress 5.0 has Local File Inclusion vulnerability lead to Remote Code Execution in WordPress.

wordpress

If an attacker has author account access on target WordPress site then attacker can execute arbitrary PHP code. After uploading the PHP code, he get full control of server machine or remote machine.

Proof of concept

Poc by Rapidsafeguard

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here