- WP Ghost, a popular security complement, had a defect of 9.6 severity
- Allows threat actors to execute malicious code, remotely
- The developers launched a patch and users must now update
WP Ghost, a complement to popular safety WordPress, carried a vulnerability that allowed threat actors to launch remote code execution attacks (RCE) and take care of complete websites.
All versions of WP Ghost up to 5.4.01 are defective, and if you are using this complement, be sure to update it to version 5.4.02.
“The WP Ghost complement suffered a vulnerability to include local non -authenticated files,” Patchstack researchers explained. “The vulnerability occurred due to the insufficient user entry value through the URL route that will be included as a file. Due to the behavior of the LFI case, this vulnerability could lead to the remote execution of the code in almost the entire configuration of the environment.”
Accessories update
The error is now tracked as CVE-2025-26909, and was given a gravity score of 9.6/10 (critic). It was a pairing adding additional validation on the URL or user’s supplied route.
WP Ghost is a popular security complement to Builder Builder, with more than 200,000 facilities.
The complement page establishes that it stops 140,000 attacks and more than nine million brute force attempts every month.
He claims to offer protection against SQL injection, script injection, vulnerability exploitation, malware falling, file inclusion exploits, transverse directory attacks and sequence attacks of cross -sites commands.
“When working with data provided by the user for a local file inclusion process, it always implies a strict verification in the value supplied and only allows users to access specific routes or files or with the white list,” Patchstack concluded.
WordPress is an important objective for cybercriminals, and its platform is quite robust, but it comes with a large repository of third party accessories and issues, both free and paid.
Many of these are vulnerable to different exploits, so WordPress users are advised to carefully choose their accessories, and always be sure to keep them updated.
Through Bleepingcomputer
