Dnext

December 6, 2022 11:39pm

#WordPress installer #attack race

source: https://smitka.me/2022/07/01/wordpress-installer-attack-race/

The attacker uses the #Certificate Transparency Log to find new WordPress #installations. It works because you usually generate the #SSL certificate when you set up a hosting space. When the certificate is issued, the record appears in the public log.

...

It takes only 4 minutes from the certificate issue to abuse the installer (but in some cases, the attacker managed to do it in under 1 minute).

#internet #blog #security #backdoor #problem #www #web #software #install #news

WordPress installer attack race

“The Famous WordPress 5-Minute Install” was great. Unfortunately, today it can cause serious security problems. The typical scenario is to upload core files to your host, open the insta…

#WordPress installer #attack race

There are no comments yet.