You are here
Home > Data Breach > WordPress patches four security vulnerabilities

WordPress patches four security vulnerabilities

WordPress patches four security vulnerabilities
 

WordPress has
pushed out version 5.3.1 patching four security issues.

WordPress
versions 5.3 and earlier are affected and the company is recommending users
download the new version, which is a short-cycle maintenance release and soon will
be superseded by a full update when version 5.4 is released.

The company did
not make note of any CVEs, but said in a statement
the vulnerabilities included an issue where an unprivileged user could make a
post sticky via the REST API; an problem where cross-site scripting (XSS) could
be stored in well-crafted links; a stored XSS vulnerability using block editor
content and the fix also hardens wp_kses_bad_protocol() to ensure that it is
aware of the named colon attribute.

The post WordPress patches four security vulnerabilities appeared first on SC Media.

Source link

Top