Recently it’s been discovered by WordPress developers that there are seven issues that allow hackers to obtain access to a WordPress website.
- Authenticated File Delete
- Authenticated Post Type Bypass
- PHP Object Injection via Meta Data
- Authenticated Cross-Site Scripting (XSS)
- Cross-Site Scripting (XSS) that could affect plugins
- User Activation Screen Search Engine Indexing Exposes emails and default generated passwords to search engines
- File Upload to XSS on Apache Web Servers
All those who are having their website still in WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0.
So those websites are exposed to WordPress vulnerability threat and can be hacked by hackers. This can affect your reputation online as well as sales.
It’s always better to take an annual maintenance contract or a one time maintenance to keep your website and investment safe.