WordPress Hit With Multiple Vulnerabilities In Versions Prior To 6.0.3


WordPress published a security release to address multiple vulnerabilities discovered in versions of WordPress prior to 6.0.3. WordPress also updated all versions since WordPress 3.7.

Cross-Site Scripting (XSS) Vulnerability

The U.S. Federal Government National Vulnerability Database released warnings of several vulnerabilities affecting WordPress.

There are multiple kinds of vulnerabilities affecting WordPress, including a type known as Cross-Site Scripting, commonly referred to as XSS.

A cross-site scripting vulnerability typically arises when a web application like WordPress does not properly check (sanitize) what is input into a form or uploaded through an upload input.

An attacker can send a malicious script to a user who visits the site, which then executes the malicious script, thereupon providing sensitive information or cookies containing user credentials to the attacker.

Another vulnerability discovered is called a Stored XSS, which is generally considered to be even worse than a regular XSS attack.

With a stored XSS attack, the malicious script is stored on the site itself and is executed when a user or logged-in user visits the site.

A third kind of vulnerability discovered is called a Cross-Site Request Forgery (CSRF).

The non-profit Open Web Application Security Project (OWASP) security website describes this kind of vulnerability:

“Cross-Site Request Forgery (CSRF) is an attack that forces an end user to carry out undesirable actions on a web application in which they’re presently authenticated.

With a little assistance of social engineering (such as sending a link through email or chat), an attacker might trick the users of a web application into carrying out actions of the opponent’s choosing.

If the victim is a normal user, an effective CSRF attack can require the user to carry out state altering requests like moving funds, altering their e-mail address, and so forth.

If the victim is an administrative account, CSRF can compromise the entire web application.”

These are the vulnerabilities discovered:

  1. Stored XSS via wp-mail.php (post by email)
  2. Open redirect in ‘wp_nonce_ays’
  3. Sender’s email address is exposed in wp-mail.php
  4. Media Library – Reflected XSS via SQLi
  5. Cross-Site Request Forgery (CSRF) in wp-trackback.php
  6. Stored XSS via the Customizer
  7. Revert shared user instances introduced in 50790
  8. Stored XSS in WordPress Core via Comment Editing
  9. Data exposure via the REST Terms/Tags Endpoint
  10. Content from multipart emails leaked
  11. SQL Injection due to improper sanitization in ‘WP_Date_Query’
  12. RSS Widget: Stored XSS issue
  13. Stored XSS in the search block
  14. Feature Image Block: XSS issue
  15. RSS Block: Stored XSS issue
  16. Fix widget block XSS

Recommended Action

WordPress recommended that all users upgrade their websites immediately.

The official WordPress announcement stated:

“This release includes a number of security fixes. Due to the fact that this is a security release, it is suggested that you update your sites instantly.

All versions since WordPress 3.7 have actually also been upgraded.”

Read the official WordPress announcement here:

WordPress 6.0.3 Security Release

Read the National Vulnerability Database entries for these vulnerabilities:

CVE-2022-43504

CVE-2022-43500

CVE-2022-43497
