Thursday, February 21, 2019

Remote Code Execution Vulnerability in WordPress

A remote code execution vulnerability in the WordPress core has recently been found. The vulnerability affects all WordPress versions prior to 5.0.3.

This vulnerability has been present for over 6 years and can be exploited by an attacker with at least "author" privileges. More information about the vulnerability can be found in the announcement.

A fix that completely addresses this vulnerability will be included in the next WordPress release. In the meantime, we have released Bitnami WordPress 5.0.3 (and Multisite version) installers, virtual machines and cloud images for all platforms. We have also released updated WordPress containers and Helm Charts for Kubernetes.

Have questions about Bitnami WordPress or the security issue? Post to our community forum, and we would be happy to help you.