May 04 2020

WordPress Vulnerability Update

Puzzled about the WordPress plugin and theme vulnerabilities announced lately? Vidushi wants you to be aware of them! WordPress Core version 5.4.1 has just been announced mid-March, 2020. It is an update that includes 17 bug fixes and fixes 7 vulnerabilities. It is vital to make sure that your WordPress installation is updated to version 5.4.1. We recommend updating immediately because this release is marked as a combined security and bug fix update.

Cross-site Scripting Vulnerabilities

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are inserted into otherwise trusted websites. XSS attacks happen when an attacker uses a web application to send malicious code, usually in the form of a browser-side script, to a different end user. The flaws that allow these attacks to succeed are widespread and occur wherever a web application uses input from a user within the output it generates without validating or encoding it.

The end user’s browser runs the script without the user knowing, because it appears to come from a trusted source. The script can then access session tokens, cookies, or other confidential data held in the browser. These scripts can also rewrite the content of the HTML page.

 

Screenshot of WordPress 5.4.1 security update announcement

Not All Sites Automatically Updated

WordPress declared that installations from WordPress 3.7 and up have been automatically updated. This means installations lower than 3.7 were not updated automatically. The official WordPress announcement implies that versions below 3.7 stay vulnerable, since these vulnerabilities affect all WordPress versions under 5.4. Hence, it is sensible to update any older WordPress installations to the latest version to avoid these vulnerabilities.

According to the official WordPress announcement:

“This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately.”

Bug Fixes

There were 17 bug fixes in this release. Typical fixes included broken media file uploads affecting certain browsers and conflicts with some plugins, among many other bugs.

What must one do?

Even though most of these vulnerabilities appear to be exploitable only under restricted conditions or by trusted users, the researchers who disclosed them may publish Proof of Concept code for them. We advise updating the site quickly because attackers may then try to exploit these vulnerabilities. Most sites will update automatically, but if your site handles a lot of traffic, you can carry out testing in a staging environment before updating the production version of your site.
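One way to inventory installations that still need the update, as an added example (not code from WordPress or from this blog): the script reads the `$wp_version` assignment in each `wp-includes/version.php` under a directory and compares it with 5.4.1 and with the 3.7 automatic-update cutoff mentioned above. The status labels and the sample sites built in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (5, 4, 1)       # release the article says to update to
AUTO_UPDATE_MIN = (3, 7)  # oldest version the article says was auto-updated

# WordPress core records its version as: $wp_version = '5.4.1';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_version(text):
    """Return the numeric version tuple from version.php content, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1))  # drop suffixes like -beta1
    return tuple(int(n) for n in nums.group(0).split(".")) if nums else None

def classify(version):
    """Status labels are this example's own, not WordPress terminology."""
    if version is None:
        return "unknown"          # file present but no readable version
    if version < AUTO_UPDATE_MIN:
        return "no-auto-update"   # below 3.7: must be updated by hand
    if version < PATCHED:
        return "update-needed"    # auto-update may be disabled or pending
    return "ok"

def scan(root):
    """Map each WordPress install directory under root to its status."""
    results = {}
    for vfile in Path(root).rglob("wp-includes/version.php"):
        site = str(vfile.parent.parent.relative_to(root))
        results[site] = classify(parse_version(vfile.read_text(errors="replace")))
    return results

def demo():
    """Build constructed sample installs in a temp dir and scan them."""
    samples = {"shop": "5.4.1", "blog": "5.3.2", "legacy": "3.6.1", "broken": None}
    with tempfile.TemporaryDirectory() as root:
        for name, ver in samples.items():
            inc = Path(root, name, "wp-includes")
            inc.mkdir(parents=True)
            body = f"<?php\n$wp_version = '{ver}';\n" if ver else "<?php\n"
            (inc / "version.php").write_text(body)
        return scan(root)

if __name__ == "__main__":
    for site, status in sorted(demo().items()):
        print(f"{site:8} {status}")
```

On a real host, call `scan()` with the web root instead of running `demo()`; anything not reported as `ok` is a candidate for the staging-then-production update described above.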
