WordPress Struck With Several Vulnerabilities In Versions Prior To 6.0.3

WordPress published a security release to address multiple vulnerabilities found in versions of WordPress prior to 6.0.3. WordPress also updated all versions since WordPress 3.7.

Cross Site Scripting (XSS) Vulnerability

The U.S. Federal Government National Vulnerability Database published warnings of several vulnerabilities affecting WordPress.

There are multiple types of vulnerabilities affecting WordPress, including a type known as Cross Site Scripting, often referred to as XSS.

A cross site scripting vulnerability typically arises when a web application like WordPress doesn’t correctly check (sanitize) what is input into a form or uploaded through an upload input.

An attacker can send a malicious script to a user who visits the site, which then executes the malicious script, thereby providing sensitive information or cookies containing user credentials to the attacker.

Another vulnerability discovered is called a Stored XSS, which is generally considered to be worse than a regular XSS attack.

With a stored XSS attack, the malicious script is stored on the website itself and is executed when a user or logged-in user visits the site.

A third kind of vulnerability discovered is called a Cross-Site Request Forgery (CSRF).

The non-profit Open Web Application Security Project (OWASP) security website describes this type of vulnerability:

“Cross-Site Request Forgery (CSRF) is an attack that requires an end user to perform undesirable actions on a web application in which they’re currently verified.

With a little help of social engineering (such as sending a link via email or chat), an assailant may deceive the users of a web application into performing actions of the enemy’s choosing.

If the victim is a normal user, an effective CSRF attack can force the user to perform state changing requests like transferring funds, altering their email address, and so forth.

If the victim is an administrative account, CSRF can compromise the whole web application.”

These are the vulnerabilities found:

  1. Stored XSS via wp-mail.php (post by email)
  2. Open redirect in ‘wp_nonce_ays’
  3. Sender’s email address is exposed in wp-mail.php
  4. Media Library – Reflected XSS via SQLi
  5. Cross-Site Request Forgery (CSRF) in wp-trackback.php
  6. Stored XSS via the Customizer
  7. Revert shared user instances introduced in 50790
  8. Stored XSS in WordPress Core via Comment Editing
  9. Data exposure via the REST Terms/Tags Endpoint
  10. Content from multipart emails leaked
  11. SQL Injection due to improper sanitization in ‘WP_Date_Query’
  12. RSS Widget: Stored XSS issue
  13. Stored XSS in the search block
  14. Feature Image Block: XSS issue
  15. RSS Block: Stored XSS issue
  16. Fix widget block XSS

Advised Action

WordPress recommended that all users upgrade their websites immediately.

The official WordPress announcement specified:

“This release features a number of security fixes. Because this is a security release, it is recommended that you upgrade your websites instantly.

All versions since WordPress 3.7 have also been updated.”
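To act on this advice across several installs, the following added example (not code from WordPress or from the original article) reads the `$wp_version` assignment from the contents of `wp-includes/version.php` and classifies it against the 6.0.3 and 3.7 boundaries stated above. The function names, result labels and sample file contents are assumptions made for this illustration.

```python
import re

FIXED = (6, 0, 3)          # from the article: versions prior to 6.0.3 are affected
OLDEST_UPDATED = (3, 7)    # from the article: all versions since 3.7 were updated

# wp-includes/version.php defines the core version as: $wp_version = '6.0.2';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_wp_version(version_php: str):
    """Return the version as a 3-tuple of ints, or None if not found."""
    m = VERSION_RE.search(version_php)
    if not m:
        return None
    # Keep the leading numeric part only; suffixes such as "-RC1" are ignored.
    nums = re.match(r"\d+(?:\.\d+){0,2}", m.group(1))
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(version_php: str) -> str:
    v = parse_wp_version(version_php)
    if v is None:
        return "unknown"
    if v >= FIXED:
        return "at-or-after-6.0.3"
    if v[:2] == FIXED[:2]:
        return "upgrade-to-6.0.3"
    if v[:2] >= OLDEST_UPDATED:
        # The article gives no patch numbers for older branches, so this
        # cannot be decided here: compare against that branch's latest release.
        return "check-branch-update"
    return "older-than-3.7"


# Constructed sample file contents, not taken from a real site.
SAMPLES = {
    "blog": "<?php\n$wp_version = '6.0.2';\n$wp_db_version = 53496;\n",
    "shop": "<?php\n$wp_version = '6.0.3';\n",
    "legacy": "<?php\n$wp_version = \"4.9.21\";\n",
    "ancient": "<?php\n$wp_version = '3.5';\n",
    "broken": "<?php\n// no version here\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:8} {classify(text)}")
```

An install reported as `check-branch-update` is on a branch the announcement says was updated, so it needs a manual comparison against the newest release of that branch.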

Read the official WordPress announcement here:

WordPress 6.0.3 Security Release

Read the National Vulnerability Database entries for these vulnerabilities:

CVE-2022-43504

CVE-2022-43500

CVE-2022-43497

Featured image by Best SMM Panel/Asier Romero