WordPress 4.7.5 release addresses six security vulnerabilities

The new WordPress 4.7.5 release fixes six security vulnerabilities affecting version 4.7.4 and earlier, including XSS, CSRF, SSRF flaws.

The WordPress 4.7.5 release patches six vulnerabilities affecting version 4.7.4 and earlier. The latest version addresses cross-site scripting (XSS), cross-site request forgery (CSRF), and server-side request forgery (SSRF) flaws.

Below the list of the security issues fixed with the last update:

Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.

Let’s go into the details of the flaw fixed by the in the details of the flaw fixed by the WordPress 4.7.5 release:

The CSRF flaw patched was reported by the Securify researcher Yorick Koster in the summer of 2016 during the WordPress hacking competition.

It affects the WordPress version 4.5.3 up till and including version 4.7.4.

“The FTP/SSH form functionality of WordPress was found to be vulnerable to Cross-Site Request Forgery.” ” states the advisory published by the company. “This vulnerability can be used to overwrite the FTP or SSH connection settings of the affected WordPress site. An attacker can use this issue to trick an Administrator into logging into the attacker’s FTP or SSH server, disclosing his/her login credentials to the attacker. In order to exploit this vulnerability, the attacker has to lure/force a logged on WordPress Administrator into opening a malicious website.”

The SSRF vulnerability, tracked as CVE-2017-9066, was discovered by the researcher Ronni Skansing, who plans to release a PoC code soon.

Skansing was reported another vulnerability in WordPress, XSS flaw related to uploading very large files.

This isn’t the unique XSS vulnerability fixed, another cross-site-scripting has been reported by Weston Ruter of the WordPress security team in the Customizer feature.

The WordPress 4.7.5 release also patches different vulnerabilities in the same API, such as the Lack of capability checks for post meta data in the XML-RPC API.

WordPress also announced the launch of a public bug bounty program that aims to involve hacking community on the WordPress CMS, BuddyPress, bbPress and GlotPress.

The program will also cover the WordPress.org, WordCamp.org, BuddyPress.org, WordPress.tv, bbPress.org and Jobs.WordPress.net websites.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – WordPress 4.7.5 release, hacking)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.