Prior to version 6.0.3, WordPress Had Several Vulnerabilities

A security update for WordPress was made public to address more than a dozen issues of various severity. To fix many security issues found in WordPress versions prior to 6.0.3, WordPress released a security update. Every update since WordPress 3.7 has also been made by WordPress.

WordPress security advisories about numerous vulnerabilities were released by the US Government’s National Vulnerability Database. A Cross-Site Scripting vulnerability, sometimes known as an XSS vulnerability, is one of many types that harm WordPress.

version 6.0.3 wordpress

An online programme like WordPress commonly develops a cross-site scripting vulnerability when it doesn’t thoroughly examine (sanitise) what is entered into a form or submitted through an upload input. When a user visits a website, an attacker can send them a malicious script, which the user can then execute, giving the attacker access to sensitive data or cookies including user credentials. A Stored XSS vulnerability was also found, which is regarded as being worse than a typical XSS assault. When a user or logged-in user visits a website that has been subject to a stored XSS attack, the malicious script that was saved on the website is then executed.

Cross-Site Request Forgery (CSRF) is a third category of vulnerability that has been identified.

The vulnerabilities identified are as follows:

  • XSS stored through wp-mail.php (post by email)
  • Redirect in “wp nonce ays” is open
  • In wp-mail.php, the email address of the sender is displayed
  • Reflected XSS on Media Library through SQLi
  • wp-trackback.php contains Cross-Site Request Forgery (CSRF)
  • through the Customizer, stored XSS
  • Reverse the introduction of shared user instances in 50790
  • XSS was saved in the WordPress core through comment editing
  • the REST Terms/Tags Endpoint’s data exposure
  • Emails with many parts had content leak
  • SQL Injection brought on by ‘WP Date Query’s’ poor sanitization
  • RSS Widget: Issue with stored XSS
  • in the search block stored XSS
  • Block of featured images: XSS problem
  • RSS Block: Issue with stored XSS
  • Fix the XSS widget blocker

WordPress advised all users to update their websites right away. Check the official anouncement of of WordPress

Check out the listings for these vulnerabilities in the National Vulnerability Database.

digital marketing

Subscribe

Related articles

Meta’s Interactive Broadcast Upgrade

Meta, the tech giant formerly known as Facebook, has...

Meta Debuts Creator Hub for Threads

Meta's latest venture into the social media landscape, Threads,...

Instagram Tweaks Direct Messaging

Instagram, the ever-evolving social media platform, is once again...

X Matches Shopify Ads Spend

In today's competitive e-commerce landscape, effective advertising is crucial...

Instagram Introduces Story Collages

Instagram has once again revolutionized the way we share...

LEAVE A REPLY

Please enter your comment!
Please enter your name here