WordPress Hit With Multiple Vulnerabilities In Versions Prior To 6.0.3

WordPress published a security release to address multiple vulnerabilities discovered in versions of WordPress prior to 6.0.3. WordPress also updated all versions since WordPress 3.7.

Cross Site Scripting (XSS) Vulnerability

The U.S. government's National Vulnerability Database published warnings about multiple vulnerabilities affecting WordPress.

There are multiple types of vulnerabilities affecting WordPress, including a type known as Cross-Site Scripting, commonly referred to as XSS.

A cross-site scripting vulnerability generally occurs when a web application like WordPress does not properly check (sanitize) what is entered into a form or submitted through an upload input.

An attacker can send a malicious script to a user who visits the site, which then executes the malicious script, thereby exposing sensitive information or cookies containing user credentials to the attacker.

Another vulnerability found is called a Stored XSS, which is generally considered to be even worse than a regular XSS attack.

With a stored XSS attack, the malicious script is stored on the site itself and is executed when a user or logged-in user visits the site.
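The stored XSS pattern described above, as an added example that is not taken from the WordPress announcement or from WordPress core: a comment is saved once and then written into the page for every later visitor, first without and then with output escaping. The class and function names (`CommentStore`, `render_unsafe`, `render_safe`) and the sample comments are constructed for illustration.

```php
<?php
// Added illustration: a minimal comment store, not WordPress code.
// CommentStore, render_unsafe and render_safe are hypothetical names.

final class CommentStore
{
    /** @var string[] Stands in for a database table of comments. */
    private array $rows = [];

    public function save(string $body): void
    {
        // Stored exactly as submitted; the risk appears at output time.
        $this->rows[] = $body;
    }

    /** @return string[] */
    public function all(): array
    {
        return $this->rows;
    }
}

// Vulnerable: stored text is concatenated into the page as markup.
function render_unsafe(CommentStore $store): string
{
    $html = "<ul>\n";
    foreach ($store->all() as $body) {
        $html .= "  <li>" . $body . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened: every stored value is HTML-escaped when it is written out.
function render_safe(CommentStore $store): string
{
    $html = "<ul>\n";
    foreach ($store->all() as $body) {
        $safe = htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= "  <li>" . $safe . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample input: one ordinary comment, one carrying markup.
$store = new CommentStore();
$store->save('Great post, thanks!');
$store->save('<script>console.log("runs for every visitor")</script>');

echo "--- unsafe ---\n", render_unsafe($store);
echo "--- safe ---\n", render_safe($store);
```

In the unsafe output the second comment reaches the browser as a live `<script>` element; in the safe output it arrives as `&lt;script&gt;...` and is displayed as text. Inside WordPress itself, escaping helpers such as `esc_html()` serve this purpose.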

A third kind of vulnerability discovered is called a Cross-Site Request Forgery (CSRF).

The non-profit Open Web Application Security Project (OWASP) security site explains this kind of vulnerability:

“Cross-Site Request Forgery (CSRF) is an attack that requires an end user to perform undesirable actions on a web application in which they’re presently validated.

With a little aid of social engineering (such as sending a link via email or chat), an enemy may fool the users of a web application into performing actions of the assailant’s choosing.

If the victim is a typical user, an effective CSRF attack can require the user to perform state altering requests like moving funds, altering their email address, and so forth.

If the victim is an administrative account, CSRF can jeopardize the entire web application.”

These are the vulnerabilities discovered:

  1. Stored XSS via wp-mail.php (post by email)
  2. Open redirect in ‘wp_nonce_ays’
  3. Sender’s email address is exposed in wp-mail.php
  4. Media Library – Reflected XSS via SQLi
  5. Cross-Site Request Forgery (CSRF) in wp-trackback.php
  6. Stored XSS via the Customizer
  7. Revert shared user instances introduced in 50790
  8. Stored XSS in WordPress Core via Comment Editing
  9. Information exposure via the REST Terms/Tags Endpoint
  10. Content from multipart emails leaked
  11. SQL Injection due to incorrect sanitization in ‘WP_Date_Query’
  12. RSS Widget: Stored XSS issue
  13. Stored XSS in the search block
  14. Feature Image Block: XSS issue
  15. RSS Block: Stored XSS issue
  16. Fix widget block XSS

Recommended Action

WordPress suggested that all users update their websites right away.

The official WordPress announcement stated:

“This release includes several security fixes. Due to the fact that this is a security release, it is recommended that you upgrade your sites immediately.

All versions since WordPress 3.7 have actually also been upgraded.”

Read the official WordPress announcement here:

WordPress 6.0.3 Security Release

Read the National Vulnerability Database entries for these vulnerabilities:

CVE-2022-43504

CVE-2022-43500

CVE-2022-43497

Featured image by Best SMM Panel/Asier Romero