New WordPress Zero Day Exploit [Link]

April 28, 2015 by Gabe | [mmd] | ℳ↫

This is bad. Update your WordPress blogs. Maybe consider something more simple if you're not the size of TechCrunch.

"If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors," Jouko Pynnönen, a researcher with Finland-based security firm Klikki Oy, wrote in a blog post published Sunday evening. "Alternatively the attacker could change the administrator's password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system."

tags