WordPress Hit With Several Vulnerabilities In Versions Prior To 6.0.3

WordPress published a security release to address several vulnerabilities discovered in versions of WordPress prior to 6.0.3. WordPress also updated all versions since WordPress 3.7.

Cross Site Scripting (XSS) Vulnerability

The U.S. Government National Vulnerability Database published warnings of several vulnerabilities impacting WordPress.

There are several types of vulnerabilities affecting WordPress, including a type known as Cross-Site Scripting, commonly referred to as XSS.

A cross-site scripting vulnerability typically arises when a web application like WordPress does not properly check (sanitize) what is entered into a form or submitted through an upload input.

An attacker can send a malicious script to a user who visits the site, which then executes the malicious script, thereby exposing sensitive information or cookies containing user credentials to the attacker.

Another vulnerability discovered is called a Stored XSS, which is generally considered to be worse than a regular XSS attack.

With a stored XSS attack, the malicious script is stored on the website itself and is executed when a user or logged-in user visits the site.

A third kind of vulnerability discovered is called Cross-Site Request Forgery (CSRF).
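The stored XSS mechanism described above, as an added example that is not WordPress code and not part of the original article: a constructed post body is saved once and then rendered for every visitor, first without and then with output escaping. The function names and sample data are assumptions made for illustration.

```php
<?php
// Added illustration, not WordPress core code. All names and data are constructed.

// Constructed "database": content submitted once (for example by e-mail or a
// comment form) and kept on the site.
$stored_posts = [
    ['author' => 'alice', 'body' => 'Release notes are up.'],
    ['author' => 'mallory', 'body' => '<script>/* constructed marker */</script>Hi'],
];

// Vulnerable rendering: stored text is concatenated into HTML unchanged, so any
// markup in it becomes part of the page every visitor's browser receives.
function render_unsafe(array $post): string
{
    return '<article><h2>' . $post['author'] . '</h2><p>' . $post['body'] . '</p></article>';
}

// Hardened rendering: every stored value is escaped for the HTML context at
// output time, so markup characters are shown as text instead of parsed.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(array $post): string
{
    return '<article><h2>' . esc($post['author']) . '</h2><p>' . esc($post['body']) . '</p></article>';
}

// Check used here to show the difference: does the rendered page contain a
// live <script> element that came from stored data?
function contains_script_tag(string $html): bool
{
    return preg_match('/<\s*script\b/i', $html) === 1;
}

foreach ($stored_posts as $post) {
    printf(
        "%-8s unsafe: %-5s safe: %s\n",
        $post['author'],
        contains_script_tag(render_unsafe($post)) ? 'LIVE' : 'inert',
        contains_script_tag(render_safe($post)) ? 'LIVE' : 'inert'
    );
}
```

Escaping happens at output time and per context; the `esc()` helper here covers HTML text and quoted attribute values only, not URLs or inline JavaScript.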

The non-profit Open Web Application Security Project (OWASP) security site describes this type of vulnerability:

“Cross-Site Request Forgery (CSRF) is an attack that requires an end user to carry out unwanted actions on a web application in which they’re currently validated.

With a little assistance of social engineering (such as sending a link via email or chat), an attacker might fool the users of a web application into executing actions of the assaulter’s picking.

If the victim is a normal user, an effective CSRF attack can require the user to carry out state altering demands like moving funds, altering their email address, and so forth.

If the victim is an administrative account, CSRF can compromise the entire web application.”

These are the vulnerabilities found:

  1. Stored XSS via wp-mail.php (post by email)
  2. Open redirect in ‘wp_nonce_ays’
  3. Sender’s email address is exposed in wp-mail.php
  4. Media Library – Reflected XSS via SQLi
  5. Cross-Site Request Forgery (CSRF) in wp-trackback.php
  6. Stored XSS via the Customizer
  7. Revert shared user instances introduced in 50790
  8. Stored XSS in WordPress Core via Comment Editing
  9. Information exposure via the REST Terms/Tags Endpoint
  10. Content from multipart emails leaked
  11. SQL Injection due to improper sanitization in ‘WP_Date_Query’
  12. RSS Widget: Stored XSS issue
  13. Stored XSS in the search block
  14. Feature Image Block: XSS issue
  15. RSS Block: Stored XSS issue
  16. Fix widget block XSS

Recommended Action

WordPress recommended that all users update their websites immediately.

The official WordPress announcement stated:

“This release includes several security repairs. Because this is a security release, it is advised that you upgrade your websites instantly.

All variations since WordPress 3.7 have actually likewise been updated.”

Read the official WordPress announcement here:

WordPress 6.0.3 Security Release

Read the National Vulnerability Database entries for these vulnerabilities:

CVE-2022-43504

CVE-2022-43500

CVE-2022-43497
