You saw this message on the Trend Micro Home Network Security app:
WEB WordPress XMLRPC GHOST vulnerability
Why did this happen?
Trend Micro Home Network Security detected a WEB WordPress XMLRPC GHOST vulnerability on your network.
What are its risks?
This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited.
An attacker can use the WordPress XML-RPC pingback application programming interface (API) to send an overly large hostname, which causes the process handling the request to crash. This means that when someone releases an exploit, any Web servers running WordPress may also be exploitable.
What should I do next?
- Disable the XML-RPC functionality from WordPress.
- Keep your WordPress and your plugins updated.
- Install the latest updates for the affected applications.
- Install a Web application firewall.
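The kind of check a Web application firewall can apply to the oversized pingback hostname described above, as an added example (not Trend Micro's or WordPress's own code). The function names, the 253-character cut-off (the longest valid DNS name) and the sample requests are assumptions constructed for this illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MAX_HOSTNAME_LEN = 253  # longest valid DNS name; assumed cut-off for this example


def _host(url):
    """Return the host part of a URL without validating it, so it can be measured."""
    try:
        netloc = urlsplit(url.strip()).netloc
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return url.strip()
    return netloc.rsplit("@", 1)[-1].split(":", 1)[0]


def pingback_hosts(body):
    """Return the hostnames in the URL parameters of a pingback.ping call, else []."""
    # ElementTree is adequate for this demo; use a hardened parser such as
    # defusedxml and a request size limit when parsing untrusted traffic.
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return []
    method = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or method != "pingback.ping":
        return []
    hosts = []
    for value in root.findall("./params/param/value"):
        # XML-RPC strings may be <value><string>..</string></value> or bare <value>..</value>
        text = value.findtext("string")
        if text is None:
            text = value.text or ""
        hosts.append(_host(text))
    return hosts


def is_suspicious(body):
    """True if any pingback URL carries a hostname longer than DNS allows."""
    return any(len(h) > MAX_HOSTNAME_LEN for h in pingback_hosts(body))


def _sample(host):
    """Build a constructed pingback.ping request body for the given source host."""
    return ("<methodCall><methodName>pingback.ping</methodName><params>"
            "<param><value><string>http://%s/post</string></value></param>"
            "<param><value><string>http://blog.example/?p=1</string></value></param>"
            "</params></methodCall>" % host)


NORMAL = _sample("news.example")   # constructed: ordinary pingback
OVERSIZED = _sample("a" * 300)     # constructed: hostname longer than any valid DNS name
```

A request flagged by `is_suspicious` can be dropped or logged before it reaches WordPress; if the site does not use pingbacks, disabling XML-RPC as listed above removes the exposure entirely.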
What if I have more questions?
For more information, check out these pages:
