Code injection vulnerability in WordPress – taxonomy.php
-
Hi Guys,
This is the email we got for one of the websites we manage, from Letshost:
LetsHost regularly scans our servers for the latest security threats, out of date scripts and items which affect the smooth running of our servers.
We have detected software vulnerabilities in PHP scripts on your hosting package. To prevent system abuse resulting from exploitation of these vulnerabilities, these should be addressed as quickly as possible. This concerns the following vulnerabilities:
Code injection vulnerability in WordPress
/…/public_html/wp-includes/taxonomy.phpVulnerabilities such as these can allow third parties to access your hosting package and abuse this through e.g. uploading malware for various purposes. We strongly recommend you check the entire hosting package for other files that appear out of place, which our detection system might have missed.
Should these issues remain vulnerable, we reserve the right to patch these automatically within 1 week.
If you have any questions arising from this message, please contact your web developer in the first instance.
Best regards,
LetsHost Security Team.
I have checked the ‘problem’ file and it matches the original WordPress one.
Any ideas or suggestions, please?
Kind Regards
Michal
-
Think I was in too much rush to post here, as it was probably related to website still being in WP version of 4.7.3? Looks like 4.7.4 taxonomy.php was changed slightly, so most likely the issue was targeted already? At least I hope so! ??
- The topic ‘Code injection vulnerability in WordPress – taxonomy.php’ is closed to new replies.