WordPress Hit With Multiple Vulnerabilities In Versions Prior To 6.0.3

WordPress published a security release to address multiple vulnerabilities discovered in versions of WordPress prior to 6.0.3. WordPress also updated all versions since WordPress 3.7.

Cross Site Scripting (XSS) Vulnerability

The U.S. Federal Government National Vulnerability Database released warnings of multiple vulnerabilities impacting WordPress.

There are several types of vulnerabilities impacting WordPress, including a type known as Cross-Site Scripting, typically referred to as XSS.

A cross-site scripting vulnerability generally occurs when a web application like WordPress does not correctly check (sanitize) what is input into a form or submitted through an upload input.

An attacker can send a malicious script to a user who visits the website, which then executes the malicious script, thereby handing sensitive details or cookies containing user credentials to the attacker.

Another vulnerability found is called a Stored XSS, which is normally considered to be worse than a regular XSS attack.

With a stored XSS attack, the malicious script is stored on the site itself and is executed when a user or logged-in user visits the site.
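
The difference between rendering stored input as-is and encoding it on output, as an added example that is not from the original article or from WordPress itself. The comment data, function names and sample payloads are constructed for illustration, and the pattern applies to any application that stores user input.

```python
# Added illustration: stored XSS in a toy comment feature (not WordPress code).
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample data standing in for rows already saved in a database.
STORED_COMMENTS = [
    {"author": "alice", "url": "https://example.org/", "text": "Nice post!"},
    {"author": "mallory", "url": "javascript:alert(1)",
     "text": "<script>alert(document.cookie)</script>"},
]

def render_vulnerable(comments):
    """Interpolates stored values as-is: every later visitor receives the script."""
    return "".join(
        f'<p><a href="{c["url"]}">{c["author"]}</a>: {c["text"]}</p>'
        for c in comments)

def safe_url(url):
    """Allow only http(s) links; anything else (e.g. javascript:) becomes '#'."""
    return url if urlsplit(url).scheme in ("http", "https") else "#"

def render_hardened(comments):
    """Encodes each value for the context it lands in at output time."""
    return "".join(
        '<p><a href="{}">{}</a>: {}</p>'.format(
            html.escape(safe_url(c["url"]), quote=True),
            html.escape(c["author"]),
            html.escape(c["text"]))
        for c in comments)

class ActiveContentFinder(HTMLParser):
    """Collects script tags, on* handlers and javascript: links in a page."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} handler")
            if name == "href" and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append("javascript: link")

def active_content(page):
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.findings
```

`active_content` doubles as a regression check: run it over rendered pages in a test suite to confirm that stored values never reach the browser as markup.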

A third kind of vulnerability found is called a Cross-Site Request Forgery (CSRF).

The non-profit Open Web Application Security Project (OWASP) security website explains this kind of vulnerability:

“Cross-Site Request Forgery (CSRF) is an attack that forces an end user to carry out unwanted actions on a web application in which they’re presently confirmed.

With a little assistance of social engineering (such as sending a link by means of e-mail or chat), an assaulter might trick the users of a web application into carrying out actions of the enemy’s picking.

If the victim is a regular user, a successful CSRF attack can force the user to perform state altering requests like transferring funds, altering their email address, and so forth.

If the victim is an administrative account, CSRF can jeopardize the whole web application.”

These are the vulnerabilities discovered:

  1. Stored XSS via wp-mail.php (post by email)
  2. Open redirect in ‘wp_nonce_ays’
  3. Sender’s email address is exposed in wp-mail.php
  4. Media Library – Reflected XSS via SQLi
  5. Cross-Site Request Forgery (CSRF) in wp-trackback.php
  6. Stored XSS via the Customizer
  7. Revert shared user instances introduced in 50790
  8. Stored XSS in WordPress Core via Comment Editing
  9. Data exposure via the REST Terms/Tags Endpoint
  10. Content from multipart emails leaked
  11. SQL Injection due to incorrect sanitization in ‘WP_Date_Query’
  12. RSS Widget: Stored XSS issue
  13. Stored XSS in the search block
  14. Feature Image Block: XSS issue
  15. RSS Block: Stored XSS issue
  16. Fix widget block XSS

Recommended Action

WordPress recommended that all users update their websites immediately.

The official WordPress announcement stated:

“This release features a number of security repairs. Because this is a security release, it is suggested that you upgrade your sites instantly.

All versions since WordPress 3.7 have actually also been upgraded.”

Read the official WordPress announcement here:

WordPress 6.0.3 Security Release

Read the National Vulnerability Database entries for these vulnerabilities:

CVE-2022-43504

CVE-2022-43500

CVE-2022-43497
