[wp-trac] [WordPress Trac] #47276: possible vulnerability in the core files of WordPress.
WordPress Trac
noreply at wordpress.org
Wed May 15 08:08:13 UTC 2019
#47276: possible vulnerability in the core files of WordPress.
--------------------------+-----------------------------
 Reporter:  dansve        |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:  5.1.1
 Severity:  critical      |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
Hello,

My name is Henrik and I would like to provide some information in regards
to some recent findings and also request some help on your behalf so that
we may find a solution.

Recently several of my clients have reported their WordPress websites
being hacked, all in the exact same manner. They have absolutely nothing
in contact with each other, their WordPress websites have entirely different
plugins and themes and are on different versions spanning from 4.8 to 5.1
- this leads me to the idea that there is a vulnerability in the core
WordPress files, themes or plugins that WordPress comes installed with, because
I have found an ABSOLUTELY FRESH WordPress installation, with ONLY the
default things installed, which was absolutely hacked to shits. I also want
to mention they are each on different servers, but all running cPanel
installations with Softaculous etc.

I understand the unlikelihood of there being a core WordPress
vulnerability and what severity this would bring but please do not shoot
down my theory as I am also a penetration tester and I am almost certain
it is a core issue.

Here are some screenshots of how the infections look:
https://prnt.sc/norkj6
https://prnt.sc/norkuz
https://prnt.sc/norlop

Please provide me a solution to solving this, as my clients are getting
hacked left and right and I am absolutely certain it is not their fault,
all the servers have mod_sec rules and such - this is a core WordPress
vuln.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/47276>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform