WordPress Versions Prior To 6.0.3 Have Multiple Vulnerabilities

7 December 2022


WordPress has released a security update that addresses more than a dozen vulnerabilities of varying severity.

WordPress released a security update to address multiple vulnerabilities discovered in WordPress versions prior to 6.0.3. WordPress has also updated all versions since 3.7.

Vulnerability to Cross-Site Scripting (XSS)

The National Vulnerability Database of the United States Government has issued warnings about several vulnerabilities affecting WordPress.

The affected WordPress versions contain a variety of vulnerabilities, including a type known as Cross-Site Scripting, abbreviated as XSS.

A cross-site scripting vulnerability occurs when a web application, such as WordPress, fails to properly check (sanitise) what is entered into a form or uploaded via an upload input, and then includes that input in a page it sends to other users.

An attacker can plant a malicious script that runs in the browser of a user who visits the site, giving the attacker sensitive information or cookies containing the user's credentials.

Another discovered vulnerability is known as a Stored XSS, and it is generally thought to be worse than a regular XSS attack.

In a stored XSS attack the malicious script is saved on the website itself and executes whenever a visitor, including a logged-in user, views the affected page.
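As an added example that is not part of the original post or of WordPress itself, the PHP below shows the difference the "check (sanitise)" step makes. A comment is stored verbatim, as a CMS would store it, and then rendered both without and with output escaping. The function names and the stored comments are constructed for the illustration.

```php
<?php
// Added example (not WordPress code): why escaping on output stops a stored XSS.
// Function names are hypothetical; the stored comments are constructed samples.

declare(strict_types=1);

// Constructed sample of what an unsanitised comment form might have stored.
$storedComments = [
    ['author' => 'alice',   'body' => 'Nice post, thanks!'],
    ['author' => 'mallory', 'body' => 'Hi <script>alert("xss")</script>'],
];

/**
 * Vulnerable: the stored body is concatenated straight into HTML, so any
 * markup inside it becomes part of the page and runs in every visitor's browser.
 */
function render_comment_vulnerable(array $comment): string
{
    return '<li><b>' . $comment['author'] . '</b>: ' . $comment['body'] . '</li>';
}

/**
 * Safe for a plain-text context: every character with meaning in HTML is
 * converted to an entity, so the browser displays the text instead of parsing it.
 * WordPress exposes the same idea as esc_html(); attribute values need esc_attr(),
 * and rich text needs an allowlist sanitiser such as wp_kses_post() rather than
 * strip_tags(), which leaves event-handler attributes intact.
 */
function render_comment_safe(array $comment): string
{
    $author = htmlspecialchars($comment['author'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $body   = htmlspecialchars($comment['body'],   ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<li><b>' . $author . '</b>: ' . $body . '</li>';
}

/** True if the rendered fragment still contains a live <script> tag. */
function contains_live_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach ($storedComments as $c) {
    $vuln = render_comment_vulnerable($c);
    $safe = render_comment_safe($c);
    printf("%-8s vulnerable: %s\n", $c['author'], contains_live_script($vuln) ? 'SCRIPT RUNS' : 'ok');
    printf("%-8s escaped:    %s\n", $c['author'], contains_live_script($safe) ? 'SCRIPT RUNS' : 'ok');
    echo '  ' . $safe . "\n";
}
```

Run it with `php example.php`: mallory's comment reports `SCRIPT RUNS` for the vulnerable renderer and `ok` for the escaped one, because `<script>` has become `&lt;script&gt;`. The escaping has to match the context the value lands in (HTML body, attribute, URL, JavaScript), which is why WordPress ships a family of `esc_*` functions rather than one.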

The third type of discovered vulnerability is known as a Cross-Site Request Forgery (CSRF).

This type of vulnerability is described on the non-profit Open Web Application Security Project (OWASP) security website:

“Cross-Site Request Forgery (CSRF) is an attack that forces an authenticated end user to perform unwanted actions on a web application.”

An attacker can trick users of a web application into performing actions of the attacker’s choosing with the help of social engineering (such as sending a link via email or chat).

A successful CSRF attack can force a normal user to perform state-changing requests such as transferring funds, changing their email address, and so on.

CSRF can compromise the entire web application if the victim is an administrative account.”

These are the vulnerabilities discovered:

  1. Stored XSS via wp-mail.php (post by email)
  2. Open redirect in `wp_nonce_ays`
  3. Sender’s email address is exposed in wp-mail.php
  4. Media Library – Reflected XSS via SQLi
  5. Cross-Site Request Forgery (CSRF) in wp-trackback.php
  6. Stored XSS via the Customizer
  7. Revert shared user instances introduced in 50790
  8. Stored XSS in WordPress Core via Comment Editing
  9. Data exposure via the REST Terms/Tags Endpoint
  10. Content from multipart emails leaked
  11. SQL Injection due to improper sanitization in `WP_Date_Query`
  12. RSS Widget: Stored XSS issue
  13. Stored XSS in the search block
  14. Feature Image Block: XSS issue
  15. RSS Block: Stored XSS issue
  16. Fix widget block XSS
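The CSRF description quoted above explains the problem; item 5 in the list (`wp-trackback.php`) is an instance of it. As an added example that is not part of the original post or of WordPress, the PHP below shows the standard defence: a state-changing request is only honoured when it carries a secret token that a cross-site page cannot read. WordPress implements this pattern as nonces (`wp_nonce_field()`, `wp_verify_nonce()`, `check_admin_referer()`); the function names and requests below are constructed for the illustration.

```php
<?php
// Added example (not WordPress code): a state-changing request protected
// against CSRF with a per-session secret token. Function names are
// hypothetical; the session, user and requests are constructed samples.

declare(strict_types=1);

/** Issue a fresh random token and remember it in the (simulated) session. */
function issue_csrf_token(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

/** Constant-time comparison so the token cannot be recovered via timing. */
function csrf_token_valid(array $session, ?string $submitted): bool
{
    if (!isset($session['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($session['csrf_token'], $submitted);
}

/**
 * Vulnerable handler: trusts any request that arrives with the user's session
 * cookie, which is exactly what a forged cross-site form submission carries.
 */
function change_email_vulnerable(array &$user, array $post): string
{
    $user['email'] = $post['email'];
    return 'email changed';
}

/** Hardened handler: the same action, performed only with a valid token. */
function change_email_protected(array &$user, array $session, array $post): string
{
    if (!csrf_token_valid($session, $post['csrf_token'] ?? null)) {
        return 'rejected: missing or invalid CSRF token';
    }
    $user['email'] = $post['email'];
    return 'email changed';
}

// --- demo ----------------------------------------------------------------
$session = [];
$user    = ['name' => 'alice', 'email' => 'alice@example.test'];
$token   = issue_csrf_token($session);

// Genuine submission: the form the user loaded embedded the token.
$genuine = ['email' => 'alice.new@example.test', 'csrf_token' => $token];

// Forged submission: a third-party page auto-submits a form; the browser
// attaches alice's cookie, but the attacker never saw her token.
$forged  = ['email' => 'attacker@example.test'];

echo 'vulnerable, forged : ' . change_email_vulnerable($user, $forged) . ' -> ' . $user['email'] . "\n";
$user['email'] = 'alice@example.test';
echo 'protected,  forged : ' . change_email_protected($user, $session, $forged) . ' -> ' . $user['email'] . "\n";
echo 'protected,  genuine: ' . change_email_protected($user, $session, $genuine) . ' -> ' . $user['email'] . "\n";
```

The vulnerable handler lets the forged request overwrite the address; the protected handler rejects it and accepts only the genuine one. The token must be unpredictable, tied to the session (WordPress nonces are additionally tied to the user and the action), and compared in constant time. The same principle is what the `wp-trackback.php` fix in the list restores.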

Action Suggestions

WordPress advised all users to immediately update their websites.

According to the official WordPress announcement:

“Several security fixes are included in this release.” Because this is a security release, you should update your sites right away.

“All WordPress versions since 3.7 have also been updated.”

The official WordPress announcement can be found here:

WordPress 6.0.3 Security Release

Examine the entries in the National Vulnerability Database for the following vulnerabilities:

CVE-2022-43504

CVE-2022-43500

CVE-2022-43497

If you need any help or advice for your own digital strategy, simply get in touch! You can also follow Viva Digital on Facebook to receive regular news, tips and how-tos in your feed. Thanks for reading.

Paul Smith

With more than 20 years of industry experience in the UK, USA and Australia under his belt, Paul Smith is a seasoned professional who will infuse your digital marketing with his wealth of knowledge and expertise. Paul specialises in digital strategy, SEO and data analytics.