• About us
  • Contact
  • Rules
  • Privacy Policy
I love wordpress
  • Home
  • WordPress
  • Theme WordPress
  • Plugin WordPress
No Result
View All Result
  • Home
  • WordPress
  • Theme WordPress
  • Plugin WordPress
No Result
View All Result
I love wordpress
No Result
View All Result

WordPress 5.8.3 Important Security Patch

haikv121 by haikv121
Tháng Ba 26, 2022
in Wordpress
0


January 6, 2022, WordPress released version WordPress 5.8.3 to fix some serious security errors.

wordpress-5.8.3

In this update will fix 4 critical vulnerabilities, with support for all versions of WordPress from version 3.7.

You can rest assured that from WordPress 3.7 onwards security-related updates will be automatically updated to reduce the risk of being exploited by hackers.

So most WordPress sites will not be in danger in this case, except for a few that have disabled the feature auto update core.

So if you are turning off this feature, you can turn it on by deleting the paragraph:

define( 'WP_AUTO_UPDATE_CORE', false )

in the wp-config.php file.

Table of Contents

  • Information about security holes
  • Summary
  • Related posts:

Information about security holes

According to the information I consulted from wordfence The details of the security holes are analyzed by their team of experts as follows:

Description: SQL Injection via WP_Query
Affected Versions: WordPress Core < 5.8.3
CVE ID: 2022-21661
CVSS Score: 8.0 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Fully Patched Version: 5.8.3
Researcher/s: ngocnb and advice from GiaoHangTietKiem JSC

This vulnerability cannot be exploited directly through the WordPress core, but some plugins and themes can use WP_Query in a way that allows SQL injection.

Description: Author+ Stored XSS via Post Slugs
Affected Versions: WordPress Core < 5.8.3
CVE ID: 2022-21662
CVSS Score: 8.0 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Fully Patched Version: 5.8.3
Researcher/s: Karim El Ouerghemmi and Simon Scannell of SonarSource

As with most XSS vulnerabilities, this will help hackers take control of your entire website or add backdoors. But it is only mineable with users who have publish post permission.

This vulnerability allows users like Authors and WooCommerce Shop Owner add scripts to the site.

Description: Blind SQL Injection via WP_Meta_Query
Affected Versions: WordPress Core 4.1 – 5.8.2
CVE ID: 2022-21664
CVSS Score: 7.4 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Fully Patched Version: 5.8.3
Researcher/s: Ben Bidner from the WordPress security team

Continued a security vulnerability related to SQL Injection via WP_Query.

Description: Super Admin Object Injection in Multisites
Affected Versions: WordPress Core < 5.8.3
CVE ID: 2022-21663
CVSS Score: 6.6 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Fully Patched Version: 5.8.3
Researcher/s: Simon Scannell of SonarSource

This vulnerability is a bit unlikely as it requires special Super Admin privileges to exploit and only affects Multisite WordPress.

Because of its special nature, this vulnerability is not considered too dangerous, so you can rest assured.

Summary

WordPress is still the most used CMS today, and is also very vulnerable to hackers exploiting security holes.

Therefore, to ensure your safety, you should take measures to strengthen the security of the website.

And remember to make a full backup.



Click to rate this post!
[Total: 0 Average: 0]

Related posts:

  1. The most accurate guide to fix Syntax Error in wordpress
  2. Summary of the basic wordpress course and thanks
  3. 6 best chatbot plugins for WordPress 2022
  4. Add categories and tags to pages in WordPress
  5. How to export and import data in WordPress?
Tags: learn WordPresswordpresswordpress tutorial
Previous Post

Instructions to fix white page errors in the latest WordPress 2021

Next Post

Instructions for using elementor pro drag and drop to make a beautiful website super easy

Related Posts

[WOOCOMMERCE] A SIMPLE PRODUCT ADDED
Wordpress

[WOOCOMMERCE] A SIMPLE PRODUCT ADDED

Tháng Năm 7, 2022
[WORDPERSS] MORE SIMPLE NEW ARTICLE
Wordpress

[WORDPERSS] MORE SIMPLE NEW ARTICLE

Tháng Năm 7, 2022
Lesson 2: How to add, delete and edit wordpress woocommerce products
Wordpress

Lesson 2: How to add, delete and edit wordpress woocommerce products

Tháng Năm 7, 2022
Lesson 3: Instructions for managing members on wordpress website
Wordpress

Lesson 3: Instructions for managing members on wordpress website

Tháng Năm 7, 2022
Next Post
Instructions for using elementor pro drag and drop to make a beautiful website super easy

Instructions for using elementor pro drag and drop to make a beautiful website super easy

Theo dõi
Đăng nhập
Thông báo của
guest
guest
0 Góp ý
Phản hồi nội tuyến
Xem tất cả bình luận

[WOOCOMMERCE] A SIMPLE PRODUCT ADDED

[WORDPERSS] MORE SIMPLE NEW ARTICLE

Lesson 2: How to add, delete and edit wordpress woocommerce products

Lesson 3: Instructions for managing members on wordpress website

HOW TO USE WIDGET IN WORDPRESS

How To Mount Facebook Pixel On Your WordPress Website Easily

  • About us
  • Contact
  • Rules
  • Privacy Policy
Contact: Haidesign010596@gmail.com

© 2021 Cepke.info

No Result
View All Result
  • Home
  • WordPress
  • Theme WordPress
  • Plugin WordPress

© 2021 Cepke.info

wpDiscuz
0
0
Rất thích suy nghĩ của bạn, hãy bình luận.x
()
x
| Reply