WordPress released a security update to fix sixteen vulnerabilities, recommending that sites be updated immediately.
The security notice did not describe the severity of the vulnerabilities; however, given the types of vulnerabilities WordPress acknowledged and how many there are, it may be a good idea to take this security release seriously.
Vulnerabilities Patched by WordPress
This security release contains sixteen fixes in total, addressing multiple kinds of vulnerabilities.
This is a list of the vulnerabilities fixed:
- 9 XSS issues, 6 of which are Stored XSS
- 2 Email related vulnerabilities
- 1 Cross Site Request Forgery Vulnerability
- 1 SQL Injection
- 1 Data exposure (REST Endpoint)
- 1 Open redirect
- 1 Revert shared user instances (feature presumably introduced a vulnerability)
Six Stored XSS Vulnerabilities
A stored XSS vulnerability is one in which the payload is uploaded to and persisted on the victim’s website server.
An XSS vulnerability can generally occur anywhere WordPress accepts input or an upload.
This kind of vulnerability arises from a flaw in the code where the input point doesn’t adequately filter what can be submitted, making it possible to upload a malicious script or some other unexpected file.
The non-profit security site Open Web Application Security Project (OWASP) describes this kind of vulnerability:
Cross-Site Request Forgery
A Cross-Site Request Forgery (CSRF) attack relies on a little social engineering to trick a high-level website user with administrative privileges into performing an action, such as following a link.
This kind of vulnerability can lead to an admin performing actions that compromise the website.
It can also affect regular website users, for example by causing a user to change their login email or withdraw funds.
Open Redirect in `wp_nonce_ays`
An open redirect is a flaw in which an attacker can take advantage of a site’s redirect functionality.
In this case it’s a redirect related to an “are you sure” notice that asks the user to confirm an action.
The official WordPress description of this function is:
A nonce is a security token generated by the WordPress site.
The official WordPress codex defines nonces:
WordPress doesn’t describe exactly what this vulnerability is.
But Google has published a description of what an open redirect vulnerability is:
Given that this vulnerability affects a sensitive security- and access-related function, it may be fairly serious.
SQL Injection due to improper sanitization in `WP_Date_Query`
This is a type of vulnerability in which an attacker can get their own input passed straight through to the database.
The database is essentially the heart of a WordPress site; it’s where passwords, posts, and so on are stored.
“Improper sanitization” refers to a security check that is supposed to limit what can be input but does not do so adequately.
SQL Injection attacks are considered very serious because they can lead to the website becoming compromised.
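As an added illustration of the “improper sanitization” point above (example code written for this article, not WordPress’s own WP_Date_Query), the following Python model builds a year filter two ways: interpolating the raw value, and allowlisting the column and operator while casting the value to an integer and binding it as a parameter. The table, rows and function names are constructed for the demonstration.

```python
"""Simplified date-query builder (added example, not WordPress's own code).
It imitates the defensive pattern WP_Date_Query relies on: the column name and
comparison operator come from fixed allowlists, and the year value is cast to
int and bound as a query parameter. Table, rows and names are constructed."""
import sqlite3

ALLOWED_COLUMNS = {"post_date", "post_date_gmt", "post_modified"}
ALLOWED_COMPARE = {"=", "!=", ">", ">=", "<", "<="}

def build_year_clause_unsafe(column, compare, year):
    # "Improper sanitization": untrusted values are interpolated verbatim.
    return f"CAST(strftime('%Y', {column}) AS INTEGER) {compare} {year}", ()

def build_year_clause_safe(column, compare, year):
    # Identifiers and operators cannot be bound as parameters, so they are
    # allowlisted; the value is forced to an int and bound as a parameter.
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"column not allowed: {column!r}")
    if compare not in ALLOWED_COMPARE:
        raise ValueError(f"compare not allowed: {compare!r}")
    year = int(year)  # a payload such as "2022 OR 1=1" raises ValueError here
    return f"CAST(strftime('%Y', {column}) AS INTEGER) {compare} ?", (year,)

def sample_db():
    # Constructed in-memory table standing in for wp_posts.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE posts (id INTEGER, post_date TEXT, post_status TEXT)")
    con.executemany("INSERT INTO posts VALUES (?, ?, ?)", [
        (1, "2022-03-01 10:00:00", "publish"),
        (2, "2022-07-15 09:30:00", "publish"),
        (3, "2021-11-20 18:45:00", "private"),
    ])
    return con

def post_ids(con, where, params):
    return [r[0] for r in con.execute(f"SELECT id FROM posts WHERE {where}", params)]

def compare_builders(year_input):
    """Return (ids from the unsafe builder, ids from the safe builder or None)."""
    con = sample_db()
    unsafe = post_ids(con, *build_year_clause_unsafe("post_date", "=", year_input))
    try:
        safe = post_ids(con, *build_year_clause_safe("post_date", "=", year_input))
    except ValueError:
        safe = None  # rejected before any SQL was built
    return unsafe, safe

if __name__ == "__main__":
    print(compare_builders("2022"))         # ([1, 2], [1, 2])
    print(compare_builders("2022 OR 1=1"))  # ([1, 2, 3], None)
```

With a clean year both builders return the same rows; with the injected value the unsafe builder returns every post, while the safe builder rejects the input before any SQL is assembled.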
WordPress Security Release
The WordPress alert said that this security update affects all versions since WordPress 3.7.
Nowhere in the announcement did it provide details on the severity of any of the vulnerabilities.
However, it’s probably not a stretch to say that sixteen vulnerabilities, including six stored XSS and one SQL injection vulnerability, are a matter of concern.
WordPress recommends updating websites immediately.