WordPress Struck With Multiple Vulnerabilities In Versions Prior To 6.0.3


WordPress published a security release to fix multiple vulnerabilities found in versions of WordPress prior to 6.0.3. WordPress also updated all versions since WordPress 3.7.

Cross Site Scripting (XSS) Vulnerability

The U.S. Federal Government National Vulnerability Database published warnings of numerous vulnerabilities impacting WordPress.

There are several kinds of vulnerabilities affecting WordPress, including a type known as Cross-Site Scripting, often referred to as XSS.

A cross-site scripting vulnerability typically arises when a web application like WordPress doesn't properly check (sanitize) what is entered into a form or uploaded through an upload input.

An attacker can send a malicious script to a user who visits the website, which then executes the script, thereby exposing sensitive information or cookies containing user credentials to the attacker.

Another vulnerability type found is stored XSS, which is generally considered to be worse than a regular XSS attack.

With a stored XSS attack, the malicious script is stored on the website itself and is executed when a user or logged-in user visits the website.

A third kind of vulnerability discovered is called Cross-Site Request Forgery (CSRF).

The non-profit Open Web Application Security Project (OWASP) security website explains this sort of vulnerability:

“Cross-Site Request Forgery (CSRF) is an attack that forces an end user to carry out undesirable actions on a web application in which they’re presently validated.

With a little aid of social engineering (such as sending a link through email or chat), an attacker may deceive the users of a web application into executing actions of the assailant’s picking.

If the victim is a typical user, a successful CSRF attack can require the user to perform state changing demands like moving funds, changing their email address, and so forth.

If the victim is an administrative account, CSRF can compromise the entire web application.”

These are the vulnerabilities discovered:

  1. Stored XSS via wp-mail.php (post by email)
  2. Open redirect in ‘wp_nonce_ays’
  3. Sender’s email address is exposed in wp-mail.php
  4. Media Library – Reflected XSS via SQLi
  5. Cross-Site Request Forgery (CSRF) in wp-trackback.php
  6. Stored XSS via the Customizer
  7. Revert shared user instances introduced in 50790
  8. Stored XSS in WordPress Core via Comment Editing
  9. Data exposure via the REST Terms/Tags Endpoint
  10. Content from multipart emails leaked
  11. SQL Injection due to improper sanitization in ‘WP_Date_Query’
  12. RSS Widget: Stored XSS issue
  13. Stored XSS in the search block
  14. Feature Image Block: XSS issue
  15. RSS Block: Stored XSS issue
  16. Fix widget block XSS

Suggested Action

WordPress recommended that all users update their websites right away.

The official WordPress announcement stated:

“This release includes a number of security fixes. Because this is a security release, it is recommended that you update your websites right away.

All versions since WordPress 3.7 have also been updated.”

Read the official WordPress announcement here:

WordPress 6.0.3 Security Release

Read the National Vulnerability Database entries for these vulnerabilities:

CVE-2022-43504

CVE-2022-43500

CVE-2022-43497
