A researcher has discovered a new flaw in WordPress that could potentially lead to remote code execution attacks. The flaw stems from a cross-site request forgery (CSRF) issue in the comment section, one of its core components that comes enabled by default. The vulnerability affects all WordPress installations prior to version 5.1.1. It’s highly recommended to immediately upgrade your WordPress-based website before hackers could take advantage of a newly disclosed vulnerability to hack your website. Since WordPress automatically updates by default, you should already be running the latest version of the CMS software.
Source: https://thehackernews.com/2019/03/hack-wordpress-websites.html