Summary
Product affected: WordPress Core (Versions older than 6.0.3)
A new WordPress security release has been announced. It contains a considerable number of security fixes. Having reviewed the vulnerabilities, we recommend that you update your WordPress installation immediately. Most of the issues carry a medium risk, as they require authentication to be exploited.
Because wp-trackback.php does not sufficiently validate the origin of HTTP requests, the application contains a cross-site request forgery (CSRF) vulnerability. A remote attacker could use it to hijack another user's WordPress account.
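The usual defence against the class of flaw described above is to accept a state-changing request only when the browser-supplied Origin header (or, failing that, the Referer header) names the site's own host. The following is an added illustration written for this page, not WordPress code; the site host and the request headers are constructed values.

```python
"""Origin/Referer check for state-changing requests.

Added illustration (not WordPress code): a request is accepted only when its
Origin header, or failing that its Referer header, names the site's own host.
The site host and the sample headers are constructed values.
"""
from typing import Dict, Optional
from urllib.parse import urlsplit

SITE_HOST = "blog.example.test"  # constructed value for the example


def _host_of(url: str) -> Optional[str]:
    """Return the lower-cased hostname of an http(s) URL, or None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None  # covers the literal "null" origin and non-web schemes
    return parts.hostname.lower()


def request_origin_is_trusted(headers: Dict[str, str], site_host: str = SITE_HOST) -> bool:
    """Return True only if the request demonstrably came from our own pages.

    Browsers always send Origin on cross-site POSTs; Referer is a weaker
    fallback for browsers or privacy settings that omit Origin. A request
    carrying neither header is rejected, because a missing header cannot
    prove the request was issued from the site's own pages.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    origin = lowered.get("origin")
    if origin is not None:
        return _host_of(origin) == site_host.lower()
    referer = lowered.get("referer")
    if referer is not None:
        return _host_of(referer) == site_host.lower()
    return False


if __name__ == "__main__":
    # Constructed sample headers for a same-site and a cross-site request.
    print(request_origin_is_trusted({"Origin": "https://blog.example.test"}))
    print(request_origin_is_trusted({"Origin": "https://attacker.example"}))
```

A host comparison is deliberately exact: `blog.example.test.attacker.example` does not match, and a `null` Origin (sent for sandboxed frames and some redirects) is treated as untrusted. In a real deployment this check complements, rather than replaces, per-request anti-CSRF tokens.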
The high-severity bugs are an open redirect and an improper access control issue. These two flaws pose the highest risk of all, because they require no authorization and can be used against WordPress installations running default configurations. The open redirect allows an attacker to send users to arbitrary URLs, which could be combined with phishing. The improper access control exposed the "Tag" and "Term" values of unpublished posts.
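The standard fix for an open redirect is to allow-list redirect targets: accept only site-relative paths or absolute http(s) URLs whose host is known, and fall back to a fixed local path for everything else. The block below is an added example for this page, not WordPress's own `wp_safe_redirect()`; the allowed host and the sample targets are constructed.

```python
"""Redirect target allow-listing, the usual fix for open redirects.

Added illustration, not WordPress code: a redirect target is accepted only if
it is a site-relative path or an absolute http(s) URL whose host is on the
allow list. Anything else is replaced by a fixed local fallback path.
"""
from typing import Iterable
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"blog.example.test"}  # constructed for the example
FALLBACK = "/"


def safe_redirect_target(target: str, allowed_hosts: Iterable[str] = ALLOWED_HOSTS,
                         fallback: str = FALLBACK) -> str:
    """Return `target` if it is safe to redirect to, otherwise `fallback`."""
    target = target.strip()
    if not target:
        return fallback
    # Control characters (CR/LF/TAB) can split headers or be ignored by
    # browsers during URL parsing; never forward them.
    if any(ord(c) < 0x20 for c in target):
        return fallback
    # Protocol-relative "//evil" and backslash variants such as "/\evil"
    # (which some browsers normalise to "//evil") are hosts, not paths.
    if target.startswith("//") or "\\" in target:
        return fallback
    if target.startswith("/"):
        return target  # plain site-relative path
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https"):
        return fallback  # javascript:, data:, or a schemeless "evil.example/x"
    host = parts.hostname.lower() if parts.hostname else None
    if host is None or host not in {h.lower() for h in allowed_hosts}:
        # urlsplit() reads "https://blog.example.test@evil.example/" as
        # host evil.example with userinfo, so lookalike prefixes fail here.
        return fallback
    return target


if __name__ == "__main__":
    # Constructed sample targets, one safe and one pointing off-site.
    print(safe_redirect_target("/wp-admin/"))
    print(safe_redirect_target("https://attacker.example/login"))
```

Note that validation happens on the parsed hostname rather than on a string prefix: a prefix check such as `target.startswith("https://blog.example.test")` would accept `https://blog.example.test.attacker.example/` and `https://blog.example.test@attacker.example/`, both of which this function rejects.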
There are also a couple of e-mail-related issues. When wp-mail was used to send multipart e-mails, the message content and the sender's address, both of which should have been treated as confidential, were exposed. Although exploitation requires a prerequisite and would be difficult to carry out deliberately, it could still disclose extremely sensitive data.
The release also fixes nine cross-site scripting issues, six of them stored XSS. In addition, there is a serious SQL injection vulnerability in WP_Date_Query that could lead to a site compromise by allowing a remote attacker to read, modify and delete data in the database.
Solution
If your WordPress-based website supports automatic background updates, the update will be applied automatically. To update manually, visit your WordPress Dashboard, click "Updates", then click "Update Now", or download WordPress 6.1 from https://wordpress.org/latest.zip.
This release contains several security patches, so we recommend upgrading your website right away. Updates have also been issued for all WordPress versions from 3.7 onwards.
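Before or after updating, an administrator will want to confirm which version an installation is actually running. WordPress records its version in the `$wp_version` variable in `wp-includes/version.php`; the added example below (written for this page, not WordPress code) extracts that value from the file's contents and compares it with the 6.0.3 threshold named in this advisory. The sample `version.php` text is constructed.

```python
"""Check a WordPress install's version against the 6.0.3 fix threshold.

Added example, not WordPress code: it reads the `$wp_version` assignment that
WordPress keeps in wp-includes/version.php and compares it with the first
version this advisory names as fixed. The sample file contents are constructed.
"""
import re
from typing import Tuple

FIXED_IN = "6.0.3"  # first release named as fixed in the advisory

# Matches `$wp_version = '6.0.2';` with either quote style.
_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""")


def parse_wp_version(version_php: str) -> str:
    """Extract the version string from the text of wp-includes/version.php."""
    match = _VERSION_RE.search(version_php)
    if not match:
        raise ValueError("no $wp_version assignment found")
    return match.group(1)


def version_key(version: str) -> Tuple[int, ...]:
    """Turn '6.0.2' into a comparable tuple; '6.1-RC1' compares as 6.1.0."""
    numeric = re.match(r"\d+(?:\.\d+)*", version)
    if not numeric:
        raise ValueError(f"unparseable version: {version!r}")
    parts = tuple(int(p) for p in numeric.group(0).split("."))
    # Pad to three components so that "6.1" and "6.1.0" compare equal.
    return parts + (0,) * (3 - len(parts))


def is_affected(version: str, fixed_in: str = FIXED_IN) -> bool:
    """True when `version` is older than the fixed release."""
    return version_key(version) < version_key(fixed_in)


# Constructed stand-in for the contents of wp-includes/version.php.
SAMPLE_VERSION_PHP = """<?php
/**
 * The WordPress version string.
 */
$wp_version = '6.0.2';
"""


def check_install(version_php: str) -> Tuple[str, bool]:
    """Return (installed version, whether it is older than the fixed release)."""
    installed = parse_wp_version(version_php)
    return installed, is_affected(installed)


if __name__ == "__main__":
    installed, affected = check_install(SAMPLE_VERSION_PHP)
    print(f"installed {installed}, older than {FIXED_IN}: {affected}")
```

To run it against a real site, read `wp-includes/version.php` from the document root and pass its text to `check_install()`. Because the advisory states that fixes were also issued for older branches from 3.7 onwards, an installation kept on a maintained older branch should be compared against that branch's patched release instead; this example encodes only the 6.0.3 threshold stated above.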
Resources
Authors: Narendra Kumawat, Mahesh Saptarshi
For more information contact: contact@cybersecurist.com