Seven months ago, security experts discovered a critical file deletion vulnerability that affects all WordPress versions, currently, the issue is still unpatched.
The vulnerability could be exploited to complete takeover of the websites running the popular CMS and gain arbitrary code execution. The issue is severe if we consider the potential impact, WordPress is the most popular CMS and according to w3tech, it is used by approximately 30% of all websites
A pre-requisite to exploit the vulnerability is that the attacker would have to gain privileges to edit and delete media files. The vulnerability cannot be exploited in massive attacks because it requires a user account.
