https://www.wordfence.com/blog/2018/06/arbitrary-file-deletion-flaw-present-in-wordpress-core/
The security community has been abuzz this week following the disclosure of a vulnerability present in all current versions of WordPress. The flaw, published in a detailed report by RIPS Technologies, allows any logged-in user with an Author role or higher to delete files on the server.
This post is Copyright 2018 Defiant, Inc. and was published on the wordfence.com
Source: Security Feed