WordPress 4.6 Blind OS Command Execution

Severity: High

Description

PHPMailer before 5.2.18 allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code. It is possible to execute remote OS commands using the Host header in WordPress.

Recommendation

Upgrade WordPress to the latest stable version.

Tags:
Wordpress
RCE
PHPMailer
Command Injection
Input Validation
Injection
Last updated on May 13, 2024
