- WP GHOST, a popular security plugin, carried a 9.6-severity flaw
- It allowed threat actors to execute malicious code remotely
- The developers have published a fix and users should update now
WP GHOST, a popular WordPress security plugin, carried a vulnerability that allowed threat actors to launch remote code execution (RCE) attacks and take over entire websites.
All versions of WP GHOST up to 5.4.01 are affected; if you use this plugin, make sure to update it to version 5.4.02.
“The WP GHOST plugin suffered from an unauthenticated Local File Inclusion vulnerability,” said Patchstack researchers. “The vulnerability occurred due to insufficient validation of the user-supplied value in the URL access path, which is then included as a file. Owing to the behaviour of the LFI case, this vulnerability could lead to remote code execution on almost every environment configuration.”
Updating plugins
The bug is now tracked as CVE-2025-26909 and has received a severity score of 9.6/10 (critical). It was fixed by adding extra validation on the user-supplied URL or path.
WP GHOST is a popular WordPress security plugin with more than 200,000 installations.
The plugin's page states that it stops 140,000 attacks and more than nine million brute-force attempts every month.
It claims to offer protection against SQL injection, script injection, vulnerability exploitation, malware dropping, file inclusion exploits, directory traversal attacks and cross-site scripting attacks.
“When working with user-supplied data in a local file inclusion process, always implement strict validation of the supplied value and only allow users to access specific, allowlisted paths or files,” Patchstack concluded.
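To make Patchstack's advice concrete, here is an added example (not code from WP GHOST or from Patchstack) of the pattern they describe: a request parameter that names a template is treated as an opaque key looked up in a fixed allowlist, and the file path is built from the allowlist entry rather than from the request. The `view` parameter name, the `templates/` directory and the template names are assumptions made for the illustration; the unsafe variant is shown only for contrast with the hardened one.

```php
<?php
declare(strict_types=1);

// Added example, not WP GHOST's or Patchstack's code. The "view" request
// parameter, the templates/ directory and the template names are assumed.

// Unsafe pattern (for contrast): the request value is used directly as a path,
// so whatever the request names gets included. This is the LFI shape the
// advisory describes; nothing checks the value before include().
function render_view_unsafe(string $requested): void
{
    include __DIR__ . '/templates/' . $requested;
}

// Hardened pattern: the request value is a key, never a path. Only keys in this
// fixed allowlist are accepted; the file name comes from the allowlist value.
const ALLOWED_VIEWS = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
    'about'   => 'about.php',
];

// Returns the absolute path of the allowlisted template, or null if the key is
// unknown or the resolved file does not sit inside the templates directory.
function resolve_view(string $requested): ?string
{
    // 1) Exact match against the allowlist; anything else is rejected outright.
    if (!array_key_exists($requested, ALLOWED_VIEWS)) {
        return null;
    }

    // 2) Build the path from the allowlist entry, not from user input.
    $base = realpath(__DIR__ . '/templates');
    $path = realpath($base . '/' . ALLOWED_VIEWS[$requested]);

    // 3) Defence in depth: the resolved file must still live under the base
    //    directory, even though the allowlist already guarantees that.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

function render_view(string $requested): void
{
    $path = resolve_view($requested);
    if ($path === null) {
        http_response_code(404);
        echo 'Unknown view';
        return;
    }
    include $path;
}

// Usage: default to a known key when the parameter is absent or malformed.
$view = (isset($_GET['view']) && is_string($_GET['view'])) ? $_GET['view'] : 'home';
render_view($view);
```

The essential difference is that `resolve_view()` never lets the request contribute characters to the file system path: the user chooses one of a handful of predefined keys, and an unknown key yields a 404 rather than an include. The `realpath()` containment check is redundant with the allowlist but catches a future edit that accidentally reintroduces user-controlled path segments.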
WordPress is a major target for cybercriminals. The platform itself is fairly robust, but it comes with a huge repository of third-party plugins and themes, both free and paid.
Many of them are vulnerable to various exploits, which is why WordPress users are urged to choose their plugins carefully and to always keep them up to date.
Via BleepingComputer