WordPress fixes XSS & SQL Injection 💉 with latest release

WordPress has pushed out a security-focused update, 5.8.3, that addresses four significant security flaws in its CMS, patching cross-site scripting (XSS) and SQL injection vulnerabilities that affect WordPress versions between 3.7 and 5.8.

One fix addresses a stored XSS vulnerability through post slugs that could allow an authenticated attacker to inject a JavaScript payload into post slugs. The payload would then execute in the administration dashboard and could ultimately be used to hijack administrator accounts and compromise the installation.

Another, separately reported issue, “object injection in some multisite installations”, is also patched in the WordPress 5.8.3 release. The same update tackles an SQL injection vulnerability in WP_Query.

WordPress 5.8.3 is a security patch-focused interim release of the CMS that omits any new features or functionality. The first major core release of the year, WordPress 5.9, is scheduled to launch on January 25.
