
[Vulnerability notice] CVE-2016-10033: Unauthenticated remote code execution vulnerability in WordPress

Last Updated: Apr 18, 2018

On May 3, 2017, the open-source CMS WordPress was reported to be affected by multiple vulnerabilities, one of which can be exploited remotely, without authentication, to run arbitrary code with the privileges of the web server process.

See the following for more information about the vulnerability.


CVE identifier

CVE-2016-10033

Vulnerability name

WordPress unauthorized remote code execution vulnerability

Vulnerability rating

High

Vulnerability description

The vulnerability is in the PHPMailer library that WordPress bundles and uses by default for outgoing mail. When PHPMailer delivers mail through PHP's mail() function, it hands the sender address to the local sendmail-compatible mail transfer agent as a command-line argument without sufficient validation. WordPress derives that sender address (wordpress@<host>) from the server name, which on a default Apache configuration is taken from the client-supplied Host header. An unauthenticated remote attacker can therefore craft the Host header of a request that causes WordPress to send mail (for example, a password-reset request) to inject additional arguments to the mail transfer agent and run arbitrary code with the web server's privileges.

Condition and method of exploitation

The published exploit requires that the target deliver mail through Exim4 (the default MTA on Debian-based systems) and that the web server pass the client-supplied Host header through to PHP as the server name. Under those conditions a remote attacker can exploit the vulnerability directly, without any credentials.

Affected scope

  • WordPress < 4.7.1
  • PHPMailer < 5.2.20

Systems that front PHP with Nginx are generally not exposed through this vector, because Nginx's standard fastcgi_params passes the configured server_name to PHP as SERVER_NAME rather than the client's Host header. Verify that your configuration does not set fastcgi_param SERVER_NAME to $host, which would reintroduce attacker control over the sender address.

Vulnerability detection

Check whether an affected version of WordPress or PHPMailer is in use. The WordPress version is the $wp_version value in wordpress/wp-includes/version.php, and the bundled PHPMailer version is the $Version property in wordpress/wp-includes/class-phpmailer.php.
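The following script is an added example, not part of the original notice. It performs the check described above on a WordPress document root: it reads $wp_version from wp-includes/version.php and the PHPMailer $Version property from wp-includes/class-phpmailer.php, compares them against the affected ranges in this notice (WordPress < 4.7.1, PHPMailer < 5.2.20), and exits 0 if the installation is affected. The fixture directories it builds when run without arguments are constructed test data, not real WordPress files.

```shell
#!/bin/sh
# Added example: check a WordPress docroot for the version ranges affected by
# CVE-2016-10033 (WordPress < 4.7.1, PHPMailer < 5.2.20). POSIX sh only.
# Usage: sh wp_cve_2016_10033_check.sh /var/www/html

# version_lt A B: succeed (exit 0) if dotted version A is strictly lower than B.
# Pre-release suffixes such as "-alpha" are ignored; missing components count as 0.
version_lt() {
    va="${1%%-*}"
    vb="${2%%-*}"
    while [ -n "$va" ] || [ -n "$vb" ]; do
        ca="${va%%.*}"; cb="${vb%%.*}"
        if [ "$va" = "$ca" ]; then va=""; else va="${va#*.}"; fi
        if [ "$vb" = "$cb" ]; then vb=""; else vb="${vb#*.}"; fi
        ca="${ca:-0}"; cb="${cb:-0}"
        if [ "$ca" -lt "$cb" ]; then return 0; fi
        if [ "$ca" -gt "$cb" ]; then return 1; fi
    done
    return 1
}

# quoted_value FILE REGEX: print the single-quoted value on the first line of
# FILE that matches REGEX (e.g. "$wp_version = '4.7.4';" -> 4.7.4).
quoted_value() {
    grep "$2" "$1" 2>/dev/null | head -n 1 | sed "s/.*'\(.*\)'.*/\1/"
}

# These file and variable names are WordPress's own.
wp_version_of()        { quoted_value "$1/wp-includes/version.php" '^\$wp_version'; }
phpmailer_version_of() { quoted_value "$1/wp-includes/class-phpmailer.php" 'public \$Version'; }

# check_docroot DOCROOT: print a verdict; exit 0 if affected, 1 if not, 2 if unreadable.
check_docroot() {
    wp="$(wp_version_of "$1")"
    pm="$(phpmailer_version_of "$1")"
    if [ -z "$wp" ] || [ -z "$pm" ]; then
        echo "$1: cannot read WordPress/PHPMailer versions" >&2
        return 2
    fi
    affected=1
    if version_lt "$wp" 4.7.1;  then echo "$1: WordPress $wp < 4.7.1 - AFFECTED";  affected=0; fi
    if version_lt "$pm" 5.2.20; then echo "$1: PHPMailer $pm < 5.2.20 - AFFECTED"; affected=0; fi
    if [ "$affected" -eq 1 ]; then echo "$1: WordPress $wp / PHPMailer $pm - not in affected range"; fi
    return "$affected"
}

# make_fixture DIR WPVER PMVER: write a minimal constructed docroot containing
# only the two lines the checks above read (test data, not real WordPress files).
make_fixture() {
    mkdir -p "$1/wp-includes"
    printf "<?php\n\$wp_version = '%s';\n" "$2" > "$1/wp-includes/version.php"
    printf "<?php\nclass PHPMailer {\n    public \$Version = '%s';\n}\n" "$3" > "$1/wp-includes/class-phpmailer.php"
}

if [ $# -gt 0 ]; then
    check_docroot "$1"
else
    # No docroot given: demonstrate on two constructed fixtures in a temp dir.
    tmp="$(mktemp -d)"
    make_fixture "$tmp/old" 4.7.0 5.2.19
    make_fixture "$tmp/patched" 4.7.4 5.2.22
    for d in "$tmp/old" "$tmp/patched"; do
        check_docroot "$d" || :     # the verdict line is printed; the exit status is for scripting
    done
    rm -rf "$tmp"
fi
```

Because the exit status distinguishes affected (0), not affected (1) and unreadable (2), the script can be run across many document roots from a fleet-management tool and the results aggregated without parsing its output. Note that a WordPress version at or above 4.7.1 with an old PHPMailer still reports as affected, which catches installations where the bundled library was replaced or pinned separately.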

How to fix or mitigate

  • A public PoC for the vulnerability is available. We recommend that you immediately upgrade to the latest official WordPress release (4.7.4 or later at the time of writing); the fix has been included since 4.7.1, which ships a patched PHPMailer. For more information, see the WordPress release announcement in the references below.

  • If you use Apache, set ServerName to your website's domain name and enable UseCanonicalName, so that SERVER_NAME (and therefore the sender address WordPress builds) is taken from the configuration rather than from the attacker-controlled Host header. This blocks the WordPress attack vector but does not fix the PHPMailer bug itself, so upgrading is still required.

    UseCanonicalName On
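The configuration below is an added example, not from the original notice, contrasting the weak default with the mitigated setting. The host names and document root are placeholders; substitute your own.

```apache
# Added example, not from the original notice. Host names are placeholders.

# Weak (Apache's default): with UseCanonicalName Off, SERVER_NAME is taken from
# the client's Host header, so a request carrying an attacker-chosen Host value
# that lands on this vhost makes WordPress build its sender address from it.
#
#   UseCanonicalName Off

# Mitigated: SERVER_NAME always comes from ServerName. Set both in the main
# server configuration and give every <VirtualHost> an explicit ServerName,
# because the first (default) vhost is the one that receives requests whose
# Host header matches no configured name.
ServerName       www.example.com
UseCanonicalName On

<VirtualHost *:80>
    ServerName   www.example.com
    ServerAlias  example.com
    DocumentRoot /var/www/html
</VirtualHost>
```

After editing, run apachectl configtest and reload Apache. To confirm the setting took effect, request a small PHP page that echoes $_SERVER['SERVER_NAME'] while sending a bogus Host header, for example with curl -H 'Host: test.invalid' http://<your-server>/check.php; the response must show the configured ServerName, not test.invalid. Requests that still arrive with an arbitrary Host header are served normally, but the name that reaches PHP is no longer under the client's control.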

Reference

[1] https://cxsecurity.com/issue/WLB-2017050014
[2] https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
