WordPress Struck With Multiple Vulnerabilities In Versions Prior To 6.0.3

WordPress published a security release to address multiple vulnerabilities found in versions of WordPress prior to 6.0.3. WordPress also updated all versions since WordPress 3.7.

Cross Site Scripting (XSS) Vulnerability

The U.S. Government National Vulnerability Database published warnings of multiple vulnerabilities affecting WordPress.

There are multiple types of vulnerabilities affecting WordPress, including a type known as Cross-Site Scripting, often referred to as XSS.

A cross-site scripting vulnerability generally arises when a web application like WordPress does not properly check (sanitize) what is input into a form or uploaded through an upload input.

An attacker can send a malicious script to a user who visits the site, which then executes the malicious script, thereby providing sensitive information or cookies containing user credentials to the attacker.

Another vulnerability found is called a Stored XSS, which is generally considered to be even worse than a regular XSS attack.

With a stored XSS attack, the malicious script is stored on the website itself and is executed when a user or logged-in user visits the website.

A third kind of vulnerability discovered is called Cross-Site Request Forgery (CSRF).

The non-profit Open Web Application Security Project (OWASP) security website explains this type of vulnerability:

“Cross-Site Request Forgery (CSRF) is an attack that requires an end user to carry out unwanted actions on a web application in which they’re presently confirmed.

With a little assistance of social engineering (such as sending a link via e-mail or chat), an assailant may fool the users of a web application into performing actions of the opponent’s choosing.

If the victim is a normal user, a successful CSRF attack can force the user to perform state altering demands like moving funds, changing their email address, etc.

If the victim is an administrative account, CSRF can compromise the entire web application.”

These are the vulnerabilities found:

  1. Stored XSS via wp-mail.php (post by email)
  2. Open redirect in ‘wp_nonce_ays’
  3. Sender’s email address is exposed in wp-mail.php
  4. Media Library – Reflected XSS via SQLi
  5. Cross-Site Request Forgery (CSRF) in wp-trackback.php
  6. Stored XSS via the Customizer
  7. Revert shared user instances introduced in 50790
  8. Stored XSS in WordPress Core via Comment Editing
  9. Data exposure via the REST Terms/Tags Endpoint
  10. Content from multipart emails leaked
  11. SQL Injection due to improper sanitization in ‘WP_Date_Query’
  12. RSS Widget: Stored XSS issue
  13. Stored XSS in the search block
  14. Feature Image Block: XSS issue
  15. RSS Block: Stored XSS issue
  16. Fix widget block XSS

Suggested Action

WordPress advised that all users upgrade their websites immediately.

The official WordPress announcement stated:

“This release includes numerous security fixes. Since this is a security release, it is recommended that you update your websites immediately.

All versions since WordPress 3.7 have actually also been upgraded.”

Read the official WordPress announcement here:

WordPress 6.0.3 Security Release

Read the National Vulnerability Database entries for these vulnerabilities:

CVE-2022-43504

CVE-2022-43500

CVE-2022-43497
