Critical RCE Vulnerability in Yandex Market Plugin for WordPress
Severity: High (Score: 72.9)
Sources: patchstack.com, Patchstack
Summary
A critical remote code execution (RCE) vulnerability has been identified in the Yandex Market Plugin for WordPress, allowing attackers to execute arbitrary commands on affected websites. This vulnerability could enable malicious actors to gain backdoor access and take full control of the compromised sites. Users are advised to update to version 5.0.26 or later to mitigate the risk. Patchstack has issued a mitigation rule to block potential attacks until the plugin is updated. The vulnerability has been assigned a CVSS score, emphasizing its severity. Users unable to update should contact their hosting provider or web developer for assistance. The vulnerability affects all installations of the Yandex Market Plugin prior to the patched version. Immediate action is recommended to prevent exploitation.
Key Points:
• Critical RCE vulnerability in Yandex Market Plugin for WordPress.
• Attackers can gain backdoor access and control of affected websites.
• Update to version 5.0.26 or later is essential to mitigate the risk.