So far, the vulnerable sites under these new attacks are those
running WordPress plugins such as Insert PHP and Exec-PHP, which
allow visitors to customize posts by inserting PHP-based code
directly into them.
reply
Most people use Wordpress for blogging, is generates HTML pages. The Wordpress team, so proud of their new "REST API",had the stupid idea to enable the new REST endpoints BY DEFAULT,even for users who would have no fucking use for it, increasing the attack surface for a CMS which is already not reputed for its secure ecosystem. That was a dumb stuff to do I hope it will push users to move away from Wordpress.
reply