Zero-Day RCE in vBulletin v5.0.0-v5.5.4

Nick

A new remote code execution (RCE) zero-day vulnerability was disclosed by an anonymous researcher on the Full Disclosure mailing list this past Monday.

This vulnerability is extremely severe. It allows any website visitor to run PHP code and shell commands on the site’s underlying server.

Am I At Risk?

Update: vBulletin has released security patches available here.

At the time of writing, this is still a zero-day vulnerability, meaning there are no official patches available to fix this issue.

Continue reading Zero-Day RCE in vBulletin v5.0.0-v5.5.4 at Sucuri Blog.
