I had two sites impacted by this serious security flaw in 24 hours (21/08/2019). It enables the attacker to create an administrator account (even if you have registration disabled). In addition, it installs malware that will redirect all clicks on your home page to their 3rd party redirector (currently getasharedlink but they can change it).
Note: if you are logged into your website (as many of us are) you WON’T see the redirection. You need to be logged out, incognito.
Needless to say at the point an admin account is created all bets are off and you will need to reinstall your site back to a known safe point. Just deleting their admin account leaves the possibility they have left other backdoors on to your system.
Bold themes thank you for the quick fix. But you really need to be doing as much as possible to inform your customer base given the severity of the problem. This really is a worst-case scenario, especially if you are looking at 20,000 active installs. Good luck!
