Critical WordPress Security Flaw Left Unpatched for Six Years


#1

Not sure if this is important to ClassicPress in any way, but here it is…

Six years??? Ugh.


#2

Looking at https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ seems that is still unpatched but anyway is very difficult to use and require a malicious plugin.


#3

So, at that point, ie. when you already have got a malicious plugin on your system, there is no need to exploit this issue, because then you’re already “in”. and can do much more harm than that.

cu, w0lf.