"After infecting the administrative dashboard, this payload might be used to steal administrator accounts and undermine the installation."
"We disclosed the issue more than three years ago, and we're delighted to see it's been addressed," El Ouerghemmi continued.
Next Tuesday, SonarSource aims to publish the technical specifics of this vulnerability in a blog post, along with information on how it may have been exploited without requiring any user credentials if an older version of the widely used plugin is installed.
Separately, Simon Scannell of SonarSource identified a problem with "object injection in some multi-site deployments," which was also fixed with the WordPress 5.8.3 release.
The same version addresses a SQL injection vulnerability in WP_Query found by GiaoHangTietKiem JSC's ngocnb and khuyenn and reported through Trend Micro's Zero Day Initiative (ZDI) program.
The ZDI was contacted for comment by the Daily Swig. We haven't heard anything yet, but we'll keep you updated as more information becomes available.
WordPress 5.8.3 is a security-focused interim version that doesn't include any new features or functionality.
Airzero Sec is at the forefront of security innovation, assisting you in overcoming the toughest security difficulties. Please contact us if you have any queries about the recent WordPress security update that resolves XSS and SQL injection issues.
Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/