Airzero Sec

We Do Not Give Up ! Trust US !

Home » Posts tagged: WordPress security update addresses XSS And SQL Injection Issues

The Most Recent WordPress Security Update Addresses XSS And SQL Injection Issues

- Posted in Website Security by

The most recent WordPress security update corrects a number of issues. WordPress's developers have released a security-focused update that fixes four major security problems in the content management system. WordPress 5.8.3 explicitly addresses cross-site scripting (XSS) and SQL injection vulnerabilities in WordPress versions 3.7 to 5.8. The first is a fix for a stored XSS through post slugs vulnerability found by SonarSource's Karim El Ouerghemmi and Simon Scannell. "We uncovered and reported a stored XSS vulnerability in WordPress that might allow an authenticated attacker to inject a JavaScript payload into post slugs," El Ouerghemmi told The Daily Swig. Bugs such as XSS and SQL injection.

"After infecting the administrative dashboard, this payload might be used to steal administrator accounts and undermine the installation." "We disclosed the issue more than three years ago, and we're delighted to see it's been addressed," El Ouerghemmi continued. Next Tuesday, SonarSource aims to publish the technical specifics of this vulnerability in a blog post, along with information on how it may have been exploited without requiring any user credentials if an older version of the widely used plugin is installed. Separately, Simon Scannell of SonarSource identified a problem with "object injection in some multi-site deployments," which was also fixed with the WordPress 5.8.3 release.

The same version addresses a SQL injection vulnerability in WP_Query found by GiaoHangTietKiem JSC's ngocnb and khuyenn and reported through Trend Micro's Zero Day Imitative (ZDI) program.

The ZDI was contacted for comment by the Daily Swig. We haven't heard anything yet, but we'll keep you updated as more information becomes available. WordPress 5.8.3 is a security-focused interim version that doesn't include any new features or functionality.

Airzero Sec is at the forefront of security innovation, assisting you in overcoming the toughest security difficulties. Please contact us if you have any queries about the recent WordPress security update that resolves XSS and SQL injection issues.

Email:[email protected]

enter image description here

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/