WordPress released a security release to resolve multiple vulnerabilities discovered in variations of WordPress prior to 6.0.3. WordPress likewise upgraded all variations considering that WordPress 3.7.
Cross Website Scripting (XSS) Vulnerability
The U.S. Federal Government National Vulnerability Database released warnings of several vulnerabilities impacting WordPress.
There are multiple type of vulnerabilities affecting WordPress, consisting of a type called a Cross Website Scripting, often referred to as XSS.
A cross site scripting vulnerability typically arises when a web application like WordPress does not effectively check (sterilize) what is input into a form or published through an upload input.
An assailant can send a harmful script to a user who checks out the site which then performs the harmful script, thereupon providing delicate details or cookies consisting of user credentials to the aggressor.
Another vulnerability discovered is called a Stored XSS, which is generally considered to be worse than a routine XSS attack.
With a stored XSS attack, the harmful script is stored on the website itself and is performed when a user or logged-in user checks out the website.
A 3rd kind vulnerability found is called a Cross-Site Request Forgery (CSRF).
The non-profit Open Web Application Security Job (OWASP) security site describes this sort of vulnerability:
“Cross-Site Request Forgery (CSRF) is an attack that requires an end user to execute undesirable actions on a web application in which they’re presently validated.
With a little help of social engineering (such as sending out a link via email or chat), an attacker may fool the users of a web application into executing actions of the assailant’s picking.
If the victim is a normal user, a successful CSRF attack can force the user to perform state altering requests like moving funds, changing their e-mail address, etc.
If the victim is an administrative account, CSRF can compromise the whole web application.”
These are the vulnerabilities discovered:
- Saved XSS through wp-mail. php (post by e-mail)
- Open reroute in ‘wp_nonce_ays’
- Sender’s e-mail address is exposed in wp-mail. php
- Media Library– Reflected XSS through SQLi
- Cross-Site Demand Forgery (CSRF) in wp-trackback. php
- Saved XSS via the Customizer
- Revert shared user instances introduced in 50790
- Saved XSS in WordPress Core via Comment Modifying
- Data exposure by means of the REST Terms/Tags Endpoint
- Content from multipart emails leaked
- SQL Injection due to inappropriate sanitization in ‘WP_Date_Query ‘RSS Widget: Stored XSS concern
- Saved XSS in the search block
- Feature Image Block: XSS problem
- RSS Block: Kept XSS issue
- Fix widget block XSS
WordPress recommended that all users update their websites right away.
The official WordPress statement mentioned:
“This release includes several security repairs. Since this is a security release, it is suggested that you upgrade your websites immediately.
All versions since WordPress 3.7 have actually also been upgraded.”
Read the main WordPress statement here:
WordPress 6.0.3 Security Release
Read the National Vulnerability Database entries for these vulnerabilities:
Featured image by Best SMM Panel/Asier Romero