Prior to version 6.0.3, WordPress Had Several Vulnerabilities

A security update for WordPress was made public to address more than a dozen issues of various severity. To fix many security issues found in WordPress versions prior to 6.0.3, WordPress released a security update. Every update since WordPress 3.7 has also been made by WordPress.

WordPress security advisories about numerous vulnerabilities were released by the US Government’s National Vulnerability Database. A Cross-Site Scripting vulnerability, sometimes known as an XSS vulnerability, is one of many types that harm WordPress.

version 6.0.3 wordpress

An online programme like WordPress commonly develops a cross-site scripting vulnerability when it doesn’t thoroughly examine (sanitise) what is entered into a form or submitted through an upload input. When a user visits a website, an attacker can send them a malicious script, which the user can then execute, giving the attacker access to sensitive data or cookies including user credentials. A Stored XSS vulnerability was also found, which is regarded as being worse than a typical XSS assault. When a user or logged-in user visits a website that has been subject to a stored XSS attack, the malicious script that was saved on the website is then executed.

Cross-Site Request Forgery (CSRF) is a third category of vulnerability that has been identified.

The vulnerabilities identified are as follows:

  • XSS stored through wp-mail.php (post by email)
  • Redirect in “wp nonce ays” is open
  • In wp-mail.php, the email address of the sender is displayed
  • Reflected XSS on Media Library through SQLi
  • wp-trackback.php contains Cross-Site Request Forgery (CSRF)
  • through the Customizer, stored XSS
  • Reverse the introduction of shared user instances in 50790
  • XSS was saved in the WordPress core through comment editing
  • the REST Terms/Tags Endpoint’s data exposure
  • Emails with many parts had content leak
  • SQL Injection brought on by ‘WP Date Query’s’ poor sanitization
  • RSS Widget: Issue with stored XSS
  • in the search block stored XSS
  • Block of featured images: XSS problem
  • RSS Block: Issue with stored XSS
  • Fix the XSS widget blocker

WordPress advised all users to update their websites right away. Check the official anouncement of of WordPress

Check out the listings for these vulnerabilities in the National Vulnerability Database.

digital marketing


Related articles

YouTube To Remove Stories On June 26th

Youtube is going to remove stories from its platform...

Meta Seeks Feedback On Reels From Users

With about 40% of content on the Reels Page...

Instagram Announces New Tools For Reels

Instagram has now announced new tools to help creators...

Google Announces The Launch Of Ad Transparency Hub

Just like meta, Google will now allow users to...

Google Improves Discovery Ads for Better Engagement and Conversions

As online consumers increasingly turn to platforms like YouTube,...


Please enter your comment!
Please enter your name here