Wordpress
July 4, 2020

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

Nick

A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday.

This vulnerability is extremely severe. It allows any website visitors to run PHP code and shell commands on the site’s underlying server.

Am I At Risk?

Update: vBulletin has released security patches available here.

At the time of writing this, this is still a zero-day vulnerability—meaning there are no official patches available to fix this issue.

Continue reading Zero-Day RCE in vBulletin v5.0.0-v5.5.4 at Sucuri Blog.

Share this:
Twitter icon Facebook icon LinkedIn icon Pinterest icon

More great articles

Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded

🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to…

Read Story
Wordpress
March 13, 2024

$1,900 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in Cookie Information | Free GDPR Consent Solution WordPress Plugin

On December 11th, 2023, during our Holiday Bug Extravaganza, we received a submission for an Arbitrary Options Update vulnerability in…

Read Story
Wordpress
February 6, 2024

Vulnerability & Patch Roundup January 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are…

Read Story
Wordpress
March 7, 2024

Emergency WordPress Help

One of our techs will get back to you within minutes.