WordPress published a security release to address numerous vulnerabilities found in versions of WordPress prior to 6.0.3. WordPress also updated all versions since WordPress 3.7.
Cross-Site Scripting (XSS) Vulnerability
The U.S. Federal Government National Vulnerability Database released warnings of several vulnerabilities impacting WordPress.
Several kinds of vulnerabilities affect WordPress, including a type called Cross-Site Scripting, commonly abbreviated as XSS.
A cross-site scripting vulnerability generally arises when a web application like WordPress does not properly check (sanitize) what is entered into a form or uploaded through an upload input.
An attacker can send a malicious script to a user who visits the website, which then executes the malicious script, thereby exposing sensitive information or cookies containing user credentials to the attacker.
Another vulnerability found is called a Stored XSS, which is typically considered to be even worse than a regular XSS attack.
With a stored XSS attack, the malicious script is stored on the website itself and is executed when a user or logged-in user visits the site.
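The stored XSS pattern described above, as an added example in plain PHP (not code from WordPress or from this article). The function names and the sample comments are constructed for illustration; in WordPress code the equivalent output-escaping helpers are `esc_html()` and `esc_attr()`.

```php
<?php
// Added illustration of stored XSS; all names here are hypothetical.

// Constructed sample data: comments saved earlier by untrusted visitors.
$stored_comments = [
    ['author' => 'alice',   'body' => 'Great post, thanks!'],
    ['author' => 'mallory', 'body' => '<script>document.title="xss"</script>'],
    ['author' => 'x" onmouseover="document.title=1', 'body' => 'hello'],
];

// Vulnerable: stored text is concatenated into the page as-is, so markup
// saved once is delivered to every visitor who loads the comment list.
function render_comment_unsafe(array $c): string {
    return '<li title="' . $c['author'] . '">' . $c['body'] . '</li>';
}

// Escape at output time. ENT_QUOTES also encodes ' and ", which is what
// keeps a value from breaking out of a quoted HTML attribute.
function escape_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: every stored field is escaped for the context it lands in.
function render_comment_safe(array $c): string {
    return '<li title="' . escape_html($c['author']) . '">'
         . escape_html($c['body']) . '</li>';
}

foreach ($stored_comments as $c) {
    $unsafe = render_comment_unsafe($c);
    $safe   = render_comment_safe($c);

    // Regression check: the hardened output must contain exactly one tag
    // pair (<li ...> and </li>) and no attribute beyond title.
    if (substr_count($safe, '<') !== 2 || substr_count($safe, '="') !== 1) {
        throw new RuntimeException('escaping failed for: ' . $c['author']);
    }
    echo "unsafe: $unsafe\n";
    echo "safe:   $safe\n\n";
}
```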
A third kind of vulnerability found is called Cross-Site Request Forgery (CSRF).
The non-profit Open Web Application Security Project (OWASP) security website explains this kind of vulnerability:
“Cross-Site Request Forgery (CSRF) is an attack that forces an end user to perform undesirable actions on a web application in which they’re currently authenticated.
With a little help of social engineering (such as sending out a link through email or chat), an attacker might deceive the users of a web application into carrying out actions of the attacker’s choosing.
If the victim is a normal user, an effective CSRF attack can force the user to carry out state changing requests like moving funds, changing their email address, etc.
If the victim is an administrative account, CSRF can compromise the whole web application.”
These are the vulnerabilities found:
- Stored XSS via wp-mail.php (post by email)
- Open redirect in ‘wp_nonce_ays’
- Sender’s email address is exposed in wp-mail.php
- Media Library – Reflected XSS via SQLi
- Cross-Site Request Forgery (CSRF) in wp-trackback.php
- Stored XSS via the Customizer
- Revert shared user instances introduced in 50790
- Stored XSS in WordPress Core via Comment Editing
- Data exposure via the REST Terms/Tags Endpoint
- Content from multipart emails leaked
- SQL Injection due to improper sanitization in ‘WP_Date_Query’
- RSS Widget: Stored XSS issue
- Stored XSS in the search block
- Feature Image Block: XSS issue
- RSS Block: Stored XSS issue
- Fix widget block XSS
Recommended Action
WordPress recommended that all users update their sites right away.
The official WordPress announcement stated:
“This release includes a number of security fixes. Since this is a security release, it is suggested that you upgrade your sites immediately.
All versions since WordPress 3.7 have likewise been upgraded.”
Read the official WordPress announcement here:
WordPress 6.0.3 Security Release
Read the National Vulnerability Database entries for these vulnerabilities:
CVE-2022-43504
CVE-2022-43500
CVE-2022-43497