
WordPress < 1.5.1.4 RCE

Medium

Synopsis

The remote server is hosting an outdated installation of WordPress that is vulnerable to a script injection attack.

Description

Versions of WordPress prior to 1.5.1.4 will accept and execute arbitrary PHP code passed to the 'cache_lastpostdate' parameter via cookies, provided PHP's 'register_globals' setting is enabled.

Solution

Upgrade to version 1.5.1.4 or disable PHP's 'register_globals' setting.
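
An offline audit of the two conditions named above, as an added example that is not part of the original advisory or of WordPress. It assumes the installed version is declared as `$wp_version` in `wp-includes/version.php` and that `register_globals` is set only in `php.ini`, where the last assignment wins; the function names and sample file contents are constructed for illustration.

```python
import re

FIXED = (1, 5, 1, 4)  # first fixed release named in the advisory

def parse_version(version_php):
    """Return $wp_version as a tuple of ints, or None if it is not declared."""
    m = re.search(r"\$wp_version\s*=\s*['\"](\d+(?:\.\d+)*)", version_php)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def register_globals_enabled(php_ini):
    """Evaluate register_globals from php.ini text (assumed: last assignment wins)."""
    enabled = False  # PHP has defaulted to Off since 4.2.0
    for line in php_ini.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"(?i)register_globals\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip("\"'").lower()
            enabled = value in {"1", "on", "true", "yes"}
    return enabled

def assess(version_php, php_ini):
    """Classify an install as 'unknown', 'patched', 'outdated' or 'exposed'."""
    version = parse_version(version_php)
    if version is None:
        return "unknown"
    if version >= FIXED:
        return "patched"
    # Below 1.5.1.4: the advisory's precondition is register_globals being on.
    return "exposed" if register_globals_enabled(php_ini) else "outdated"

# Constructed sample inputs, not taken from a real host.
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '1.5.1.3';\n?>\n"
SAMPLE_PHP_INI = "; constructed sample\nregister_globals = On ; legacy app\n"

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION_PHP, SAMPLE_PHP_INI))
```

An "outdated" result still calls for the upgrade; it only means the `register_globals` precondition was not found in the file examined.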