Security Expert Re: New WordPress RCE Exploit (CVSS Score 10.0)

By ISBuzz Team
Writer, Information Security Buzz | Jul 13, 2020 01:07 am PST

Webmasters who use WordPress plugin Adning Advertising are urged to patch against a critical vulnerability that is reportedly being exploited in the wild. Exploitation of the flaw enables an unauthenticated attacker to upload arbitrary files, leading to remote code execution (RCE) and potentially a full site takeover.

Such is the flaw’s seriousness, MITRE has assigned it the highest possible CVSS score – 10.0.

Jayant Shukla, CTO and Co-Founder
July 13, 2020 9:12 am

Remote Code Execution (RCE) remains one of the most dangerous exploits in the cybercriminal arsenal. RCE allows criminals to run what they want on the server they exploit. Some of the largest data breaches, like the Equifax attack, started with an RCE attack.

Traditional application security tools like Web Application Firewalls (WAFs) have a tough time with RCE attacks because they typically rely on understanding a past RCE attack to detect a new zero-day attack. RASP (Runtime Application Self-Protection) solutions sit on the server and have a better understanding of the application. A RASP can "see" when code that shouldn't be there gets to run and can help stop RCE attacks.

Developers can also implement good coding practices to reduce the risk of RCE when writing and creating a web application. In addition to making sure they have application security, the simplest thing any organization can do to help reduce vulnerabilities is to keep their code up to date and patched.
