Zero-Day RCE in vBulletin v5.0.0-v5.5.4


A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday.

This vulnerability is extremely severe. It allows any website visitors to run PHP code and shell commands on the site’s underlying server.

Am I At Risk?

Update: vBulletin has released security patches available here.

At the time of writing this, this is still a zero-day vulnerability—meaning there are no official patches available to fix this issue.

Continue reading Zero-Day RCE in vBulletin v5.0.0-v5.5.4 at Sucuri Blog.

More great articles

Widespread Attacks Continue Targeting Vulnerabilities in The Plus Addons for Elementor Pro

Over the past 10 days, Wordfence has blocked over 14 million attacks targeting Privilege Escalation Vulnerabilities in The Plus Addons…

Read Story

High Severity Vulnerabilities in PageLayer Plugin Affect Over 200,000 WordPress Sites

A few weeks ago, our Threat Intelligence team discovered several vulnerabilities present in Page Builder: PageLayer – Drag and Drop…

Read Story

Large-Scale Attacks Target Epsilon Framework Themes

On November 17, 2020, our Threat Intelligence team noticed a large-scale wave of attacks against recently reported Function Injection vulnerabilities…

Read Story

Emergency WordPress Help

One of our techs will get back to you within minutes.