Created by Boris Grishenko•10/08/2024
I recently wrote about a zero-day flaw in WordPress that allowed hackers to bypass permission limitations, enabling them to view, edit, delete, and create posts. Initially, WordPress did not disclose the vulnerability, opting to work on a patch instead, which left many users unaware and still using outdated versions like 4.7.0 or 4.7.1. As a result, many site admins neglected to update, exposing themselves to attacks.