WordPress update fixes a series of high-severity vulnerabilities

By Scott Marlette Last updated Jan 10, 2022

Developers at WordPress have pushed out an automatic update to millions of users, patching their websites and eliminating multiple vulnerabilities.

Some of these vulnerabilities were so severe that if exploited, could allow the attacker to completely take over the site, whereas others were less dangerous and required some level of admin access to be exploited.

In total, four vulnerabilities were patched with WordPress version 5.8.3. Webmasters and other administrators are advised to double-check the version of WordPress their site runs on, to make sure they cannot be targeted.

Big platform, big target

Analyzing the security release, WordPress security plugin developers Wordfence said the patch was backported to every version of WordPress since 3.7, the first version that supports automatic core updates for security releases. That means that practically all websites should be secure, as “any sites that remain vulnerable would only be exploitable under very specific circumstances.”

WordPress is the world’s most popular website builder, and as such, is often the target of malicious actors and other cyber crooks. It offers users a web store with thousands of plugins, many of which could carry dangerous vulnerabilities.

Less than a month ago, it was reported that more than 800,000 WordPress websites were still vulnerable to a “simple” takeover vulnerability, due to not patching up the “All in One” SEO WordPress plugin.

Automattic security researcher Marc Montpas, who first spotted the flaws, said abusing these flaws on vulnerable sites is easy, as all the attacker needs to do is change “a single character to uppercase” to circumvent all privilege checks.

Roughly two months ago, a vulnerability in the Starter Templates – Elementor, Gutenberg & Beaver Builder Templates plugin, allowed contributor-level users to completely overwrite any page on the site, and embed malicious JavaScript at will. In this case, more than a million sites were at risk.

The same month, the “Preview E-mails for WooCommerce” plugin was also found to hold a serious flaw, potentially allowing attackers complete site takeover. The plugin was used by more than 20,000 sites.

You might also want to check out our list of the best firewalls right now

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.