Auto-upgrade exploit | WordPress.org

jh20001
(@jh20001)

14 years, 6 months ago

Recently (wordpress is up-to-date) we experienced an exploit in our WordPress installation. Someone was able to successfully upload a spoofed bank site template to the upgrade directory (mentioned content: /wp-content/upgrade/wellsfargo/”). They somehow then were able to copy that directory to the root folder on the server (below the public_html folder).

Although we are unsure exactly how they accomplished this, the matter is..they were able to.

I have searched but have not been able to duplicate this problem elsewhere in existence (no one else has been posting about it that I have been able to find).

Something to consider.

The topic ‘Auto-upgrade exploit’ is closed to new replies.

In: Requests and Feedback
0 replies
1 participant
Last reply from: jh20001
Last activity: 14 years, 6 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics