June 11

WordPress 5.4.2 Patches Several XSS Vulnerabilities


This post was originally published on this site

WordPress Core version 5.4.2 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. With that said, most of the security fixes themselves are for vulnerabilities that would require specific circumstances to exploit. In all, this release contains 6 security fixes, 3 of which are for XSS (Cross-Site Scripting) vulnerabilities. Both the free and Premium versions of Wordfence have robust built-in XSS protection that will protect against potential exploitation of these vulnerabilities.

A Breakdown of each security issue

An XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor

This flaw could have allowed an attacker to inject JavaScript into a post by manipulating the attributes of embedded iframes. This would be exploitable by users with the edit_posts capability, meaning users with the Contributor role or higher in most configurations.

The changeset involved is:
https://core.trac.wordpress.org/changeset/47947/

This issue was discovered and reported by Sam Thomas (jazzy2fives)

An XSS issue where authenticated users with upload permissions are able to add JavaScript to media files

This flaw could have allowed an attacker to inject JavaScript into the “Description” field of an uploaded media file. This would be exploitable by users with the upload_files capability, meaning users with the Author role or higher in most configurations.

The changeset involved is:
https://core.trac.wordpress.org/changeset/47948/

This issue was discovered and reported by Luigi – (gubello.me)

An open redirect issue in wp_validate_redirect()

For this flaw, the wp_validate_redirect function did not sufficiently sanitize URLs supplied to it. As such, it would have been possible under certain circumstances for an attacker to craft a link to an impacted site that would redirect visitors to a malicious external site. This would not require specific capabilities, but it would typically require either social engineering or a separate vulnerability in a plugin or theme to exploit.

The changeset involved is:
https://core.trac.wordpress.org/changeset/47949/

This issue was discovered and reported by Ben Bidner of the WordPress Security Team.

An authenticated XSS issue via theme uploads

This flaw could have allowed an attacker to inject JavaScript into the stylesheet name of a broken theme, which would then be executed if another user visited the Appearance->Themes page on the site. This would be exploitable by users with the install_themes or edit_themes capabilities, which are only available to administrators in most configurations.

The changeset involved is:
https://core.trac.wordpress.org/changeset/47950/

This issue was discovered and reported by Nrimo Ing Pandum

An issue where set-screen-option could be misused by plugins resulting in privilege escalation

For this flaw, a plugin incorrectly using the set-screen-option filter to save arbitrary or sensitive options could potentially be used by an attacker to gain administrative access. We are not currently aware of any plugins that are vulnerable to this issue.

The changeset involved is:
https://core.trac.wordpress.org/changeset/47951/

This issue was discovered and reported by Simon Scannell of RIPS Technologies
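To make the plugin-side mistake concrete, here is an added example (not code from WordPress core, Wordfence, or any real plugin) showing a set-screen-option callback that accepts every option beside one that accepts only its own. The plugin name, option name, function names and the 1 to 200 range are hypothetical; the option-specific `set_screen_option_{$option}` filter is the hook WordPress documents as available since 5.4.2.

```php
<?php
/**
 * Plugin Name: Example Screen Options (hypothetical, for illustration only)
 */

// Hypothetical screen option owned by this example plugin.
const EXAMPLE_PER_PAGE_OPTION = 'example_items_per_page';

// WEAK: hands back the submitted value for every option name, so the value
// is saved under whatever key the request supplied, not only this
// plugin's own setting. Left unregistered on purpose.
function example_weak_set_screen_option( $status, $option, $value ) {
    return $value;
}
// add_filter( 'set-screen-option', 'example_weak_set_screen_option', 10, 3 );

// CORRECTED: only this plugin's option is accepted, and the value is coerced
// to a bounded integer. Anything else returns $status unchanged (false by
// default), which tells core not to save it.
function example_safe_set_screen_option( $status, $option, $value ) {
    if ( EXAMPLE_PER_PAGE_OPTION !== $option ) {
        return $status;
    }

    $value = (int) $value;
    if ( $value < 1 || $value > 200 ) { // assumed sane range for a per-page setting
        return $status;
    }

    return $value;
}

// Legacy generic filter, kept for sites that have not yet updated.
add_filter( 'set-screen-option', 'example_safe_set_screen_option', 10, 3 );

// Option-specific filter: the callback only ever runs for this one option name.
add_filter(
    'set_screen_option_' . EXAMPLE_PER_PAGE_OPTION,
    'example_safe_set_screen_option',
    10,
    3
);
```

When auditing installed plugins, a callback hooked to set-screen-option that returns `$value` without first comparing `$option` to a known name is the pattern to look for.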

An issue where comments from password-protected posts and pages could be displayed under certain conditions

For this flaw, comment excerpts on password-protected posts could have been visible on sites displaying the “Recent Comments” widget or using a plugin or theme with similar functionality.

The changeset involved is:
https://core.trac.wordpress.org/changeset/47984/

This issue was discovered and reported by Carolina Nymark

Note: This is unrelated to an issue where unmoderated spam comments were briefly visible and indexable by search engines.

What should I do?

Most of these vulnerabilities appear to be exploitable only under limited circumstances or by trusted users, but we recommend updating as soon as possible. Attackers may find ways to exploit them more easily, or the researchers who discovered these vulnerabilities may publish Proof of Concept code that allows simpler exploitation. This is a minor WordPress release, so most sites will automatically update to the new version.

Conclusion

We’d like to thank the WordPress core team and the researchers who discovered and responsibly reported these vulnerabilities for making WordPress safer for everyone.

You can find the official announcement of the WP 5.4.2 release on this page. If you have any questions or comments, please don’t hesitate to post them below and we’ll do our best to answer them in a timely manner. If you are one of the researchers whose work is included above and would like to provide additional details or corrections, we welcome your comments.

Special thanks to QA Lead Matt Rusnak for helping to identify the changesets associated with these fixes.

The post WordPress 5.4.2 Patches Multiple XSS Vulnerabilities appeared first on Wordfence.

About the author 

WP Maintain Support Protect
