May 28, 2022

TheCyberThrone

Thinking Security ! Always

WordPress fixes XSS & SQL Injection 💉 with latest release

WordPress has pushed out a security-focused update, 5.8.3, that addresses four significant security flaws in its CMS, patching cross-site scripting (XSS) and SQL injection vulnerabilities that affect WordPress versions between 3.7 and 5.8.

There’s a fix for a stored XSS vulnerability through post slugs that could allow an authenticated attacker to inject a JavaScript payload into post slugs. This payload would then execute in the administration dashboard and, ultimately, could be used to hijack administrator accounts and compromise the installation.


Another issue, separately reported, involves “object injection in some multisite installations” and is also patched in the WordPress 5.8.3 release. The same update tackles an SQL injection vulnerability in WP_Query.

WordPress 5.8.3 is a security patch-focused interim release of the CMS that omits any new features or functionality. The first major core release of the year, WordPress 5.9, is scheduled to launch on January 25.
