
WordPress Hit With Multiple Vulnerabilities In Versions Prior To 6.0.3 – Search Engine Journal

WordPress announced a security release to fix more than a dozen vulnerabilities of varying severity
WordPress published a security release to address multiple vulnerabilities discovered in versions of WordPress prior to 6.0.3. WordPress also updated all versions since WordPress 3.7.
The U.S. government's National Vulnerability Database (NVD) published advisories for multiple vulnerabilities affecting WordPress.
Several kinds of vulnerabilities affect WordPress, including a type known as Cross-Site Scripting (XSS).
A cross-site scripting vulnerability typically arises when a web application such as WordPress does not properly check (sanitize) what is entered into a form or uploaded through a file-upload field.
An attacker can deliver a malicious script to a user who visits the site; the user's browser then executes the script, which can hand sensitive information, or cookies containing user credentials, to the attacker.
Another vulnerability discovered is called a Stored XSS, which is generally considered to be worse than a regular XSS attack.
With a stored XSS attack, the malicious script is stored on the website itself and executes whenever a user, including a logged-in user, visits the website.
A third kind of vulnerability discovered is called Cross-Site Request Forgery (CSRF).
The non-profit Open Web Application Security Project (OWASP) security website describes this kind of vulnerability:
“Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing.
If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth.
If the victim is an administrative account, CSRF can compromise the entire web application.”
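The two defenses WordPress relies on against the classes described above, output escaping against XSS and nonces against CSRF, shown in an added plugin-style PHP example (this is not code from the article or from WordPress core; the option name, nonce action, page slug and function names are assumptions, while the wp_* and esc_* calls are real WordPress core functions):

```php
<?php
/*
 * Added example: a minimal settings form handler in the style of a
 * WordPress plugin. Option name 'sej_banner', nonce action
 * 'sej_save_banner' and the sej_example_* function names are assumptions.
 * esc_html(), esc_attr(), esc_url(), sanitize_text_field(), wp_unslash(),
 * wp_nonce_field(), check_admin_referer(), current_user_can(), wp_die(),
 * admin_url(), get_option() and update_option() are WordPress core.
 */

// Vulnerable shape of the handler: no capability check and no nonce, so a
// forged request from another site is accepted on behalf of a logged-in
// admin (CSRF), and the stored value is echoed back unescaped, so any
// markup saved once runs for every later visitor (stored XSS).
function sej_example_save_vulnerable() {
    if ( isset( $_POST['sej_banner'] ) ) {
        update_option( 'sej_banner', $_POST['sej_banner'] );
    }
    echo '<div class="banner">' . get_option( 'sej_banner' ) . '</div>';
}

// Hardened shape of the same handler.
function sej_example_save_hardened() {
    if ( isset( $_POST['sej_banner'] ) ) {
        // Only users allowed to manage options may change the setting.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( 'Insufficient permissions.' );
        }
        // The nonce ties the request to a form this site rendered for this
        // user; a cross-site forgery cannot supply it. Dies on failure.
        check_admin_referer( 'sej_save_banner', 'sej_nonce' );
        // Sanitize on input: strips tags, invalid UTF-8 and line breaks.
        $value = sanitize_text_field( wp_unslash( $_POST['sej_banner'] ) );
        update_option( 'sej_banner', $value );
    }
    // Escape on output: whatever is stored reaches the browser as text,
    // never as markup, so it is also safe against values saved earlier.
    echo '<div class="banner">' . esc_html( get_option( 'sej_banner', '' ) ) . '</div>';
}

// The form that posts to the hardened handler, carrying the nonce field.
function sej_example_render_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin.php?page=sej_example' ) ) . '">';
    wp_nonce_field( 'sej_save_banner', 'sej_nonce' );
    echo '<input type="text" name="sej_banner" value="' . esc_attr( get_option( 'sej_banner', '' ) ) . '">';
    echo '<button type="submit">Save</button></form>';
}
```

Escaping at output time is the check that holds even when the input-side sanitization was missing in an older version, which is why both steps are present in the hardened form.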
These are the vulnerabilities discovered:
WordPress recommended that all users update their websites immediately.
The official WordPress announcement stated:
“This release features several security fixes. Because this is a security release, it is recommended that you update your sites immediately.
All versions since WordPress 3.7 have also been updated.”
WordPress 6.0.3 Security Release
CVE-2022-43504
CVE-2022-43500
CVE-2022-43497
Featured image by Shutterstock/Asier Romero
Roger Montti is a search marketer with over 20 years' experience. I offer site audits, phone consultations and content and …
Copyright © 2023 Search Engine Journal. All rights reserved. Published by Alpha Brand Media.