The WordPress 5.8.3 security release addresses four vulnerabilities affecting versions between 3.7 and 5.8, it is labeled as a short-cycle security release. The organization announced that the next major release will be version 5.9, which is already in the Release Candidate stage.
Two of the vulnerabilities addressed with this release are SQL injection issues; a first vulnerability resides in the WP_Query and was reported by ngocnb and khuyenn from GiaoHangTietKiem JSC through Trend Micro Zero Day Initiative; the second vulnerability affects WP_Meta_Query and was discovered by Ben Bidner of the WordPress security team, it is only relevant to versions 4.1-5.8.
The third vulnerability is a stored XSS through post slugs that was discovered by Karim El Ouerghemmi and Simon Scannell from SonarSource.
The fourth vulnerability is an object injection in some multisite installations that was reported by Simon Scannell of SonarSource.
All of the above vulnerabilities were privately reported to WordPress giving the security team time to address them before they could be exploited to compromise WordPress sites.
Users can update to WordPress 5.8.3 by downloading from WordPress.org or visiting your Dashboard → Updates and clicking Update Now.
WordPress websites are a privileged target for threat actors, recently Wordfence researchers spotted a massive wave of attacks that was targeting over 1.6 million WordPress sites from 16,000 IPs.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, WordPress 5.8.3)
[adrotate banner=”5″]
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.