Warning: Wordpress security hole 5.2.3 - Remote Cross Site Host Modification - HOSTVN Blog

wordpress security

Recently a security hole was found on the latest version of wordpress, version 5.2.3

wordpress security

Attack script

  • This attack can bypass simple WAF (Web Application Firewall) to access restricted content on web server, such as phpMyAdmin.

  • This attack could compromise your WordPress site with content from the default vhost.


  • Set security headers for webserver and no-cache for Cache-Control

There are no any updates from wordpress for this vulnerability and the POC (Exploit Exploiting Tool) has been spread publicly on the network. So you need to check and enhance the security of your website as well as backup data regularly to avoid unfortunate cases.

  • Instructions to use .htaccess file to enhance security for WordPress website

  • Some configuration settings in wp-config help improve WordPress security

The post Warning: Wordpress security vulnerability 5.2.3 - Remote Cross Site Host Modification appeared first on HOSTVN Blog.