This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a remote code execution vulnerability in WordPress.
WordPress is a PHP-based content manager.
WordPress is prone to a remote code-execution vulnerability becasue it fails to properly handle specially crafted metadata. Specifically, the issue occurs because the '_wp_attached_file' Post Meta entry can be changed to an arbitrary string such as one ending with a '.jpg?file.php' sub string. An attacker can exploit this issue to execute arbitrary code by uploading a crafted image containing PHP code in the 'Exif' metadata.
Attackers can exploit this issue to execute arbitrary code or crash the affected application. Failed exploit attempts will likely result in denial of service conditions.
- WordPress version before 4.9.9 and 5.x before 5.0.1