WordPress published a security release to address numerous vulnerabilities discovered in versions of WordPress prior to 6.0.3. WordPress also updated all versions since WordPress 3.7.
Cross Site Scripting (XSS) Vulnerability
The U.S. Federal Government National Vulnerability Database published warnings of numerous vulnerabilities affecting WordPress.
There are several kinds of vulnerabilities affecting WordPress, including a type known as Cross Site Scripting, commonly referred to as XSS.
A cross site scripting vulnerability usually arises when a web application like WordPress does not properly check (sanitize) what is entered into a form or uploaded through an upload input.
An attacker can send a malicious script to a user who visits the site, which then executes the malicious script, thereby exposing sensitive information or cookies containing user credentials to the attacker.
Another vulnerability found is called a Stored XSS, which is generally considered to be worse than a regular XSS attack.
With a stored XSS attack, the malicious script is stored on the website itself and is executed when a user or logged-in user visits the website.
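The stored XSS pattern described above, as an added example that is not part of the original article and is not WordPress code: a constructed comment store is rendered once without escaping and once with escaping applied at output time. The sample comments and all function names are assumptions made for illustration.

```python
import html

# Constructed sample data: what a comment table might hold after hostile input
# was accepted without sanitization (illustrative values, not from WordPress).
STORED_COMMENTS = [
    {"author": "alice", "body": "Great post, thanks!"},
    {"author": "mallory", "body": "<script>alert(1)</script>"},
    {"author": 'eve" onmouseover="alert(1)', "body": "hover over my name"},
]


def render_unsafe(comments):
    """Vulnerable: stored values are concatenated into the page as-is."""
    return "\n".join(
        '<p title="{}">{}</p>'.format(c["author"], c["body"]) for c in comments
    )


def render_safe(comments):
    """Hardened: every stored value is escaped when it is written out.

    quote=True also escapes " and ', which keeps a value inside the
    title="..." attribute instead of letting it start a new attribute.
    """
    return "\n".join(
        '<p title="{}">{}</p>'.format(
            html.escape(c["author"], quote=True),
            html.escape(c["body"], quote=True),
        )
        for c in comments
    )


def contains_active_markup(page):
    """Demo check: did the stored input survive as markup rather than text?"""
    lowered = page.lower()
    return "<script" in lowered or '" onmouseover="' in lowered


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        page = render(STORED_COMMENTS)
        print(render.__name__, "-> active markup:", contains_active_markup(page))
        print(page, end="\n\n")
```

Every visitor who loads the unsafe page receives the stored markup, which is why the stored variant is treated as the more serious one.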
A third kind of vulnerability discovered is called Cross-Site Request Forgery (CSRF).
The non-profit Open Web Application Security Project (OWASP) security website describes this type of vulnerability:
“Cross-Site Request Forgery (CSRF) is an attack that forces an end user to perform undesirable actions on a web application in which they’re presently verified.
With a little assistance of social engineering (such as sending a link by means of email or chat), an opponent may trick the users of a web application into carrying out actions of the attacker’s picking.
If the victim is a normal user, an effective CSRF attack can require the user to perform state altering requests like transferring funds, changing their e-mail address, etc.
If the victim is an administrative account, CSRF can compromise the entire web application.”
These are the vulnerabilities found:
- Stored XSS via wp-mail.php (post by email)
- Open redirect in ‘wp_nonce_ays’
- Sender’s email address is exposed in wp-mail.php
- Media Library – Reflected XSS via SQLi
- Cross-Site Request Forgery (CSRF) in wp-trackback.php
- Stored XSS via the Customizer
- Revert shared user instances introduced in 50790
- Stored XSS in WordPress Core via Comment Editing
- Data exposure via the REST Terms/Tags Endpoint
- Content from multipart emails leaked
- SQL Injection due to improper sanitization in ‘WP_Date_Query’
- RSS Widget: Stored XSS issue
- Stored XSS in the search block
- Feature Image Block: XSS issue
- RSS Block: Stored XSS issue
- Fix widget block XSS
Recommended Action
WordPress recommended that all users update their sites immediately.
The official WordPress announcement stated:
“This release includes numerous security repairs. Since this is a security release, it is recommended that you update your websites immediately.
All versions since WordPress 3.7 have also been updated.”
Read the official WordPress announcement here:
WordPress 6.0.3 Security Release
Read the National Vulnerability Database entries for these vulnerabilities:
CVE-2022-43504
CVE-2022-43500
CVE-2022-43497