WordPress recently issued a security update to address sixteen vulnerabilities, urging site administrators to update their sites immediately.
The security notice did not elaborate on the severity of these vulnerabilities. However, considering the nature and number of issues acknowledged by WordPress, it’s advisable to take this security release seriously.
Vulnerabilities Patched by WordPress
This security release addresses sixteen different vulnerabilities. Here is the list of the vulnerabilities fixed:
- 9 XSS issues, 6 of which are Stored XSS
- 2 Email-related vulnerabilities
- 1 Cross Site Request Forgery Vulnerability
- 1 SQL Injection
- 1 Data exposure (REST Endpoint)
- 1 Open redirect
- 1 Revert of shared user instances (a feature that presumably introduced a vulnerability)
Six Stored XSS Vulnerabilities
A stored XSS vulnerability is one where the payload is uploaded and stored on the victim’s web servers. This type of vulnerability can occur anywhere WordPress allows input or uploads. It arises from a flaw in the code that fails to adequately filter uploaded inputs, allowing malicious scripts or unexpected files.
The non-profit security organization Open Web Application Security Project (OWASP) describes this kind of vulnerability:
"Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when requesting the stored information."
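To make the stored-XSS mechanism concrete, here is an added example (not code from the article or from WordPress core) in Python, standing in for the PHP a site would actually run. The comment text, the in-memory "comment table" and the render functions are all constructed for the illustration; the point it shows is that storing the text is not the bug, rendering it without escaping is.

```python
import html
import re

# Constructed sample: text a visitor submitted through a comment form.
SUBMITTED_COMMENT = "Nice post! <script>alert('stored xss')</script>"

# Tiny stand-in for the database table where comments are persisted.
comment_store = []


def store_comment(text):
    """Persist the comment exactly as received; escaping belongs at output time."""
    comment_store.append(text)
    return len(comment_store) - 1


def render_comment_vulnerable(comment_id):
    """Echoes the stored text straight into the page markup.

    Every visitor who loads the page now runs the stored script, which is what
    makes stored XSS worse than a one-off reflected payload.
    """
    return f"<div class='comment'>{comment_store[comment_id]}</div>"


def render_comment_safe(comment_id):
    """Escapes at output so the browser displays the text instead of executing it.

    WordPress exposes the same idea through esc_html() / wp_kses(); html.escape
    is the plain-Python equivalent used here.
    """
    return f"<div class='comment'>{html.escape(comment_store[comment_id], quote=True)}</div>"


SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_live_script(rendered_html):
    """Crude check that a rendered fragment still carries a real <script> tag."""
    return bool(SCRIPT_TAG.search(rendered_html))


if __name__ == "__main__":
    cid = store_comment(SUBMITTED_COMMENT)
    print("vulnerable:", render_comment_vulnerable(cid))
    print("safe:      ", render_comment_safe(cid))
```

The `contains_live_script` check is only there to make the difference observable; it is not a sanitizer and would not catch attribute-based payloads, which is exactly why output escaping (or an allowlist filter such as `wp_kses`) is the fix rather than tag matching.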
Cross-Site Request Forgery
A Cross-Site Request Forgery (CSRF) relies on social engineering to trick a high-level website user with administrative privileges into performing an action, such as following a link. This kind of vulnerability can lead to an admin performing actions that might compromise the website and can also affect regular users by causing them to change their login email or withdraw funds.
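The standard defence against CSRF is the per-action token the next section calls a nonce. Below is an added example (not WordPress code; the real implementation lives in PHP and differs in detail) showing how a stateless, time-bucketed token bound to one user and one action stops a forged cross-site request: the attacker's page can make the victim's browser submit a form, but it cannot supply a token minted for that user and that action. The secret key, the `delete-post` action name and the handler are constructed for the demo; `_wpnonce` is the field name WordPress forms conventionally use.

```python
import hashlib
import hmac
import math
import time
from typing import Optional

# Constructed secret for this demo; a real site loads it from its configuration.
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"
NONCE_LIFE = 24 * 60 * 60  # seconds a token stays usable, checked in two half-life buckets


def _tick(now):
    # Time bucket the token is minted in. Accepting this bucket and the previous
    # one bounds the lifetime without storing any token on the server.
    return math.ceil(now / (NONCE_LIFE / 2))


def _mac(tick, action, user_id):
    # The token is a truncated HMAC over (bucket, action, user): it cannot be
    # forged without SECRET_KEY and is useless for any other action or user.
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[-12:]


def create_nonce(action, user_id, now: Optional[float] = None):
    """Mint a token bound to one action and one user; it is not a secret on its own."""
    now = time.time() if now is None else now
    return _mac(_tick(now), action, user_id)


def verify_nonce(nonce, action, user_id, now: Optional[float] = None):
    """Return 1 if minted in the current bucket, 2 if in the previous one, 0 if invalid."""
    now = time.time() if now is None else now
    current = _tick(now)
    for age, tick in ((1, current), (2, current - 1)):
        expected = _mac(tick, action, user_id).encode()
        if hmac.compare_digest(expected, str(nonce).encode()):
            return age
    return 0


def handle_delete_post(form, session_user_id, now: Optional[float] = None):
    """State-changing handler that refuses to act unless the token matches user + action.

    `session_user_id` comes from the logged-in session (which the browser sends
    automatically, the root cause of CSRF); the token is what the attacker lacks.
    """
    token = form.get("_wpnonce", "")
    if not verify_nonce(token, "delete-post", session_user_id, now):
        return "refused: missing, forged or expired token"
    return f"post {form.get('post_id')} deleted"


if __name__ == "__main__":
    tok = create_nonce("delete-post", 7)
    print(handle_delete_post({"post_id": 42, "_wpnonce": tok}, 7))
    print(handle_delete_post({"post_id": 42}, 7))
```

As the WordPress documentation quoted later on this page says, a nonce is not an authentication mechanism: `handle_delete_post` still has to rely on the session for *who* the user is, and a real handler would additionally check that this user is allowed to delete that post.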
Open Redirect in wp_nonce_ays
An open redirect is a flaw where an attacker can abuse a site's own redirect feature to send visitors to a URL of the attacker's choosing. In this case, it relates to the "are you sure" notice that confirms an action. WordPress describes this function:
"If the action has the nonce explain message, then it will be displayed along with the “Are you sure?” message."
A nonce is a security token generated by the WordPress site, defined as:
"A nonce is a ‘number used once’ to help protect URLs and forms from certain types of misuse, malicious or otherwise. WordPress nonces aren’t numbers but are a hash made up of numbers and letters… Nonces should never be relied on for authentication, authorization, or access control."
Google describes open redirect vulnerabilities as:
"This is a particularly onerous form of abuse because it takes advantage of your site’s functionality rather than exploiting a simple bug or security flaw. Spammers use your domain as a temporary ‘landing page’ to trick users into following links that appear to be pointing to your site but actually redirect to their spammy site."
Given how sensitive this confirmation step is, the flaw is likely quite serious.
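The fix for an open redirect is to validate the destination before the browser is ever sent there. The following is an added example in Python (not WordPress's own `wp_safe_redirect` / `wp_nonce_ays` code) showing the check a confirmation page should apply to its "go back" link: site-relative paths are resolved against the site's home URL, absolute URLs are accepted only for an allowlisted host, and everything else falls back to a known-good page. The site URL, host allowlist and fallback are constructed for the example. It also covers two edge cases that naive string checks miss: protocol-relative `//host` targets and backslash variants that browsers normalise to a slash.

```python
import html
from urllib.parse import urljoin, urlparse

# Constructed site details; a real site derives these from its configured home URL.
SITE_HOME = "https://example-site.test/"
ALLOWED_HOSTS = {"example-site.test", "www.example-site.test"}
FALLBACK = SITE_HOME + "wp-admin/"


def resolve_redirect(target, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return a redirect destination that stays on the site, or the fallback.

    An open redirect exists whenever the raw `target` is handed to the browser
    unchecked; this function is the check that closes it.
    """
    if not target:
        return fallback
    # Browsers treat "/\host" like "//host", so normalise before parsing.
    target = target.strip().replace("\\", "/")
    parsed = urlparse(target)
    scheme = parsed.scheme.lower()

    if scheme:
        # Absolute URL: only http(s) to a host we own is acceptable.
        if scheme not in ("http", "https"):
            return fallback  # javascript:, data:, etc. are never a page to go to
        host = (parsed.hostname or "").lower()
        return target if host in allowed_hosts else fallback

    if parsed.netloc:
        # Scheme-less but with a host ("//evil.example/..."): off-site, reject.
        return fallback

    # Plain site-relative path: resolve against our own home URL.
    return urljoin(SITE_HOME, target)


def confirm_page(action_text, return_to):
    """Stand-in for an "Are you sure?" page whose back link must not be an open redirect."""
    back = resolve_redirect(return_to)
    return (
        f"<p>Are you sure you want to {html.escape(action_text)}?</p>"
        f'<a href="{html.escape(back, quote=True)}">Go back</a>'
    )


if __name__ == "__main__":
    for candidate in ["/wp-admin/edit.php", "https://evil.example/", "//evil.example/"]:
        print(candidate, "->", resolve_redirect(candidate))
```

Matching on `parsed.hostname` rather than on a string prefix is deliberate: a prefix test such as `target.startswith("https://example-site.test")` would also accept `https://example-site.test.evil.example/`.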
SQL Injection due to Improper Sanitization in WP_Date_Query
This type of vulnerability allows an attacker to inject their own SQL into the queries a site sends to its database, where sensitive information such as passwords and posts is stored. Improper sanitization refers to the failure to limit what can be input, which can lead to serious SQL Injection attacks.
OWASP highlights the danger:
"SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy data or make it otherwise unavailable, and become administrators of the database server… Consider SQL Injection a high impact severity."
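To show why "improper sanitization" in a date query matters, here is an added example (Python with an in-memory SQLite table, not WordPress's `WP_Date_Query` code) that filters published posts by year and month. The schema and rows are constructed. The vulnerable version interpolates the date parts into the SQL string; the hardened version applies the kind of check a date query needs, rejecting anything that is not a plain in-range integer, and then binds the values as parameters so they can never become part of the query text.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for a posts table (not WordPress's real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, post_status TEXT, post_date TEXT)"
    )
    conn.executemany(
        "INSERT INTO posts (title, post_status, post_date) VALUES (?, ?, ?)",
        [
            ("Hello world", "publish", "2022-10-01 09:00:00"),
            ("Draft notes", "draft", "2022-10-05 12:00:00"),  # must never be shown publicly
            ("Old post", "publish", "2021-03-15 08:00:00"),
        ],
    )
    return conn


def posts_in_month_vulnerable(conn, year, month):
    """Builds the date filter by string interpolation: whatever arrives in `year` is SQL."""
    sql = (
        "SELECT title FROM posts WHERE post_status = 'publish' "
        f"AND strftime('%Y', post_date) = '{year}' "
        f"AND strftime('%m', post_date) = '{month}' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def posts_in_month_safe(conn, year, month):
    """Validates each date part as an integer in range, then binds it as a parameter."""
    if not (str(year).isdigit() and str(month).isdigit()):
        raise ValueError("date parts must be plain integers")
    y, m = int(year), int(month)
    if not (1 <= m <= 12 and 1000 <= y <= 9999):
        raise ValueError("date part out of range")
    sql = (
        "SELECT title FROM posts WHERE post_status = 'publish' "
        "AND strftime('%Y', post_date) = ? AND strftime('%m', post_date) = ? ORDER BY id"
    )
    # Placeholders keep the values data: the driver never parses them as SQL.
    return [row[0] for row in conn.execute(sql, (f"{y:04d}", f"{m:02d}"))]


if __name__ == "__main__":
    db = build_db()
    print("normal:", posts_in_month_vulnerable(db, "2022", "10"))
    print("safe:  ", posts_in_month_safe(db, "2022", "10"))
```

The integer check matters on its own, not only as belt-and-braces: it is what lets the code reject malformed input loudly instead of quietly building a query that, once an `OR` clause slips in ahead of the `post_status` condition, returns rows the caller never asked for, including drafts.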
WordPress Security Release
The security update affects all versions from WordPress 3.7. The announcement did not detail the severity of the vulnerabilities, but given the number and types of issues, such as six stored XSS vulnerabilities and one SQL Injection vulnerability, it’s a notable concern. WordPress advises updating websites immediately.
Citations
- Official Description of Vulnerabilities Patched By WordPress 6.0.3
- Read the Official Release Announcement for WordPress Version 6.0.3