image credit: Unsplash

WordPress 5.8.3 Patches Several Injection Vulnerabilities

January 10, 2022

Two of the flaws are SQL injections — one affects WP_Meta_Query (discovered by Ben Bidner of the WordPress security team) and one affects WP_Query (discovered by ngocnb and khuyenn of GiaoHangTietKiem JSC).

Simon Scannell of SonarSource reported an object injection issue affecting some multisite installations, as well as a stored cross-site scripting (XSS) bug. Karim El Ouerghemmi was also credited for the XSS vulnerability.

These vulnerabilities affect WordPress versions between 3.7 and 5.8.

Read More on Security Week