Advertisement
Top
image credit: Unsplash

WordPress 5.8.3 Patches Several Injection Vulnerabilities

January 10, 2022

Via: Security Week
Category:

Two of the flaws are SQL injections — one affects WP_Meta_Query (discovered by Ben Bidner of the WordPress security team) and one affects WP_Query (discovered by ngocnb and khuyenn of GiaoHangTietKiem JSC).

Simon Scannell of SonarSource reported an object injection issue affecting some multisite installations, as well as a stored cross-site scripting (XSS) bug. Karim El Ouerghemmi was also credited for the XSS vulnerability.

These vulnerabilities affect WordPress versions between 3.7 and 5.8.

Read More on Security Week

RELATED PUBLICATIONS

More than 17,000 WordPress websites infected with the Balada Injector in September
Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable
Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Latest Publications

AI set to play key role in future phishing attacks
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
5 Hard Truths About the State of Cloud Security 2024
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!