Thursday, May 4, 2017

WordPress security issue: Unauthenticated Remote Code Execution (RCE)

A critical security WordPress vulnerability was recently published. The Remote Code Execution PoC exploit described in this advisory is based on version 4.6. However, other versions of WordPress prior to 4.7.1 may also be affected.

The WordPress team strongly encourages their users to update their Wordpress site(s) to the most recent version: 4.7.4.  If you already have a running version of Bitnami WordPress, the application can be updated from the admin panel. Note that the Automatic Background Upgrades functionality is enabled by default but upgrading from 4.6.x to 4.7.y is not automatic. You can confirm that the update has been done by checking the version from within your admin panel.

We have released Bitnami WordPress 4.7.4 (and Multisite version) installers, virtual machines and cloud images for all platforms.

Have questions about Bitnami WordPress or the security issue? Post to our Community Forum, and we would be happy to help you.