[Defender] WordPress

Hello,

For the past two days I have been getting this message from Defender for a few sites (not all). All sites are running the latest WordPress version. I don’t know what this message means and what to do.

##############################

WordPress Vulnerability

Version: 4.9.6

WordPress <= 4.9.6 – Authenticated Arbitrary File Deletion (unpatched)

Vulnerability type: UNKNOWN

This bug has been fixed in version:

##############################

  • Nastia
    • Support Rock Star

    Hello Thomas

    Hope you’re doing well!

    This is a known WordPress vulnerability; once the next version of WordPress is released, it should include a patch that fixes the issue. A temporary fix was released. Please add this to your theme's functions.php:

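    // Temporary fix: reduce the attachment's 'thumb' value to a bare file name
    // whenever attachment metadata is updated.
    add_filter( 'wp_update_attachment_metadata', 'rips_unlink_tempfix' );

    function rips_unlink_tempfix( $data ) {
        if ( isset( $data['thumb'] ) ) {
            // basename() strips any directory components from the stored value.
            $data['thumb'] = basename( $data['thumb'] );
        }

        return $data;
    }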

    Make sure to remove it when the next version of WordPress is released.

    Hope this helps!

    Cheers,

    Nastia
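
An added example, not part of the original thread and not Defender's or WordPress's own code: the filter above runs only when attachment metadata is updated, so this stand-alone PHP sketch flags `thumb` values that are already stored with directory components. The function name `find_suspicious_thumbs` and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example: audit stored attachment metadata for 'thumb' values that
// contain directory components. Sample rows below are constructed.

/**
 * @param array $rows attachment ID => metadata array (as WordPress stores it)
 * @return array attachment ID => offending 'thumb' value
 */
function find_suspicious_thumbs( array $rows ) {
    $hits = array();
    foreach ( $rows as $id => $meta ) {
        if ( ! is_array( $meta ) || ! isset( $meta['thumb'] ) || ! is_string( $meta['thumb'] ) ) {
            continue; // no legacy 'thumb' key: nothing to check
        }
        $thumb = $meta['thumb'];
        // A legitimate value is a bare file name. Check both separators,
        // because basename() ignores backslashes on non-Windows hosts.
        if ( $thumb !== basename( $thumb ) || strpbrk( $thumb, '/\\' ) !== false ) {
            $hits[ $id ] = $thumb;
        }
    }
    return $hits;
}

// Constructed sample data (not taken from a real site).
$sample = array(
    101 => array( 'file' => '2018/06/photo.jpg', 'thumb' => 'photo-150x150.jpg' ),
    102 => array( 'file' => '2018/06/logo.png' ),
    103 => array( 'file' => '2018/06/doc.jpg', 'thumb' => '../../example/other-file.txt' ),
    104 => array( 'file' => '2018/06/pic.jpg', 'thumb' => 'sub\\dir\\pic.jpg' ),
);

foreach ( find_suspicious_thumbs( $sample ) as $id => $thumb ) {
    printf( "attachment %d: unexpected path in thumb: %s\n", $id, $thumb );
}

// Inside WordPress, build $rows from real data instead, e.g. with
// wp_get_attachment_metadata( $id ) for each attachment ID.
```

Any attachment this reports should be reviewed by hand before it is deleted from the media library.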
