As described in article https://vulners.com/thn/THN:4C1AA050916A4EAA3D2C993C0287B604
there is a little problem in Wordpress, but fix it is so easy.
In directory /wp-admin create .htaccess file and place in this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.tld [NC]
RewriteRule load-scripts.php - [NC,F,L]
domain.tld - replace your own domain.
And that is all.
