all InfoSec news
Latest Alerts for WordPress: POP Chain Leading to Site Takeover, Backdoor-Distributing Phishing Campaign
Malware Analysis, News and Indicators - Latest topics malware.news
On December 6, 2023, WordPress rolled out version 6.4.2, addressing a vulnerability introduced in version 6.4 – specifically, a POP chain issue within the core. This vulnerability depended on the existence of an additional PHP Object Injection vulnerability. Simply put, coupled with any other Object Injection vulnerability that may exist in a plugin, it presented a critical threat, potentially enabling arbitrary PHP code execution on websites. Wordfence emphasizes this risk, underscoring the potential for a complete site takeover.
Simultaneously, a …
alerts backdoor campaign december injection issue latest object phishing phishing campaign php pop takeover version vulnerability wordpress