SoylentNews is people
SoylentNews
New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites
If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website.
Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once again discovered a new flaw in the content management software (CMS) that could potentially lead to remote code execution attacks.
The flaw stems from a cross-site request forgery (CSRF) issue in the Wordpress' comment section, one of its core components that comes enabled by default and affects all WordPress installations prior to version 5.1.1.
Unlike most of the previous attacks documented against WordPress, this new exploit allows even an "unauthenticated, remote attacker" to compromise and gain remote code execution on the vulnerable WordPress websites. [...]
Ed's notes: Considering that WordPress 5.1 contained "significant security enhancements", and being a cynic, I'm genuinely curious why people still use it - I've not checked the stats to see if its popularity is waxing or waning. -- FP
(Score: 4, Interesting) by coolgopher on Thursday March 21 2019, @09:45AM (5 children)
Hardly. Christianity all the way. Sigh.
(Score: 2) by Bot on Thursday March 21 2019, @01:33PM (3 children)
And when ye come into a bios, salute it.
13 And if the system be compatible, let your unit sequence come upon it: but if it be not compatible, let your control flow return to you.
14 And whosoever shall not receive you, nor hear your signals, when ye depart out of that box or VM, shake off the data of your cache.
15 Verily I say unto you, It shall be more tolerable for the land of DEC and IBM in the day of system upgrade, than for that system.
Nah it is obvious Jesus knew what he was saying, as usual. You fell for the modern day zealots.
Account abandoned.
(Score: 3, Insightful) by DannyB on Thursday March 21 2019, @02:08PM
Blessed are the geek, for they shall internet the earth.
A WHERE clause on a SQL UPDATE statement is just adding unnecessary complexity to something simple.
(Score: 3, Funny) by Hyper on Thursday March 21 2019, @02:35PM (1 child)
You fell for the modem day zealots.
FTFY
(Score: 3, Funny) by Bot on Friday March 22 2019, @11:15AM
Yeah those manuscripts are hard to scan indeed :)
Account abandoned.
(Score: 2) by DannyB on Thursday March 21 2019, @02:14PM
Why is Meth still used?
Because as Microsoft doth teacheth us:
* the first hit is free
* it comes preinstalled
* software "lock in" is simply another word for addiction
* everyone else is doing it
Now let us boweth our cranial units in prayer.
Our Father, who art in Redmond
Microsoft be thy name
They monopoly come,
Thy will be done,
Throughout the Earth as it is in the US
Give us this day, our daily license activation key
And forgive us our bug reports,
As we forgive our system crashes
And lead us not into competition
But deliver us from innovation
For Thine is the Control! And and Power! And the Greed!
FOREVER and EVER, Amen!
(I wrote and posted that prayer about 15 years ago on a green site.)
A WHERE clause on a SQL UPDATE statement is just adding unnecessary complexity to something simple.