Some plugins in WordPress CMS are vulnerable and allow unauthorised activity in your hosting account such as spam, unauthorised access etc. We have a list of such know plugins in another article. Have a look at those plugins too and remove them if you have them. Such plugins need to be Deactivated and Deleted from your WordPress account.<\/p>\n
Below is a list of vulnerabilities in the plugins:<\/strong><\/p>\n 1. <\/strong>Arbitrary file viewing<\/strong> 2. <\/strong>Arbitrary file upload<\/strong> Privilege escalation<\/strong> SQL injection<\/strong> Remote code execution (RCE)<\/strong> Some plugins in WordPress CMS are vulnerable and allow unauthorised activity in your hosting account such as spam, unauthorised access etc. We have a list of such know plugins in another article. Have a look at those plugins too and remove them if you have them. Such plugins need to be Deactivated and Deleted from […]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"_eb_attr":"","_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"doc_category":[1838],"doc_tag":[],"class_list":["post-5347","docs","type-docs","status-publish","hentry","doc_category-wordpress"],"year_month":"2026-06","word_count":226,"total_views":0,"reactions":{"happy":0,"normal":0,"sad":0},"author_info":{"name":"w m","author_nicename":"wm","author_url":"https:\/\/truehost.com\/support\/author\/wm\/"},"doc_category_info":[{"term_name":"WordPress","term_url":"https:\/\/truehost.com\/support\/docs-category\/wordpress\/"}],"doc_tag_info":[],"yoast_head":"\n
\nThis allow the attacker to view files in your account including those with sensitive information such as wp-config.php<\/p>\n
\nThis allows the upload of files that can executed on to do almost anything on the account ranging from spamming, to redirection of site, running of a resource intensive program eg cnrig among other things.<\/p>\n
\nHere, an attacker is able to create an account in your dashboard. The attacker can then escalate the privileges of the account say from subscriber to administrator<\/p>\n
\nBy not escaping and filtering data that goes into SQL queries, malicious code can be injected into queries and data deleted, updated or inserted into the database. This is one of the most common vulnerabilities.<\/p>\n
\nInstead of uploading and running malicious code, the attacker can run it from a remote location. The code can do anything, from hijacking the site to completely deleting it.<\/p>\n","protected":false},"excerpt":{"rendered":"