[wp-trac] [WordPress Trac] #47276: possible vulnerability in the core files of WordPress.

WordPress Trac noreply at wordpress.org
Wed May 15 08:08:13 UTC 2019


#47276: possible vulnerability in the core files of WordPress.
--------------------------+-----------------------------
 Reporter:  dansve        |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:  5.1.1
 Severity:  critical      |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 Hello,

 My name is Henrik and I would like to provide some information regarding
 some recent findings, and also to request some help on your behalf so that
 we may find a solution.

 Recently several of my clients have reported their WordPress websites
 being hacked, all in the exact same manner. They have absolutely nothing
 in common with each other: their WordPress websites have entirely different
 plugins and themes and are on different versions spanning from 4.8 to 5.1.
 This leads me to the idea that there is a vulnerability in the core
 WordPress files, or in the themes or plugins that WordPress comes installed
 with, because I have found an ABSOLUTELY FRESH WordPress installation, with
 ONLY the default things installed, which was absolutely hacked to shits. I
 also want to mention they are each on different servers, but all running
 cPanel installations with Softaculous etc.

 I understand the unlikelihood of there being a core WordPress
 vulnerability and the severity this would bring, but please do not shoot
 down my theory, as I am also a penetration tester and I am almost certain
 it is a core issue.

 Here are some screenshots of how the infections look:
 https://prnt.sc/norkj6
 https://prnt.sc/norkuz
 https://prnt.sc/norlop


 Please provide me with a solution to this, as my clients are getting
 hacked left and right and I am absolutely certain it is not their fault;
 all the servers have mod_sec rules and such. This is a core WordPress
 vuln.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47276>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform