WordPress.org

Support

Support » Requests and Feedback » Auto-upgrade exploit

Auto-upgrade exploit

  • Recently (wordpress is up-to-date) we experienced an exploit in our WordPress installation. Someone was able to successfully upload a spoofed bank site template to the upgrade directory (mentioned content: /wp-content/upgrade/wellsfargo/”). They somehow then were able to copy that directory to the root folder on the server (below the public_html folder).

    Although we are unsure exactly how they accomplished this, the matter is..they were able to.

    I have searched but have not been able to duplicate this problem elsewhere in existence (no one else has been posting about it that I have been able to find).

    Something to consider.

  • The topic ‘Auto-upgrade exploit’ is closed to new replies.
Skip to toolbar