WP Core Vulnerability FEB 2022:
WordPress Version 5.8.3
For your WordPress protection, be informed about the latest WP Core vulnerabilities from FEB 2022. The security issues affect WordPress versions between 5.4 and 5.8.2. If you haven’t yet updated to 5.8.3, note that all WordPress versions since 5.4 have also been updated to fix the following security issues:
- WordPress 5.8.3 Security Release - SQL Injection via WP_Query
  - This vulnerability is not exploitable directly via WordPress core, but some plugins and themes may use WP_Query in a way that allows SQL injection.
- WordPress 5.8.3 Security Release - Stored Cross-Site Scripting (XSS) via Post Slugs
  - As with most XSS vulnerabilities, this vulnerability could be used to completely take over a site, or to add a malicious backdoor. However, it can only be exploited by users with the ability to publish posts. This vulnerability allows Authors and WooCommerce Shop Owners to add scripts to a site, but both roles are relatively trusted.
- WordPress 5.8.3 Security Release - Blind SQL Injection via WP_Meta_Query
  - Due to a lack of proper sanitisation in WP_Meta_Query, there’s potential for blind SQL injection.
- WordPress 5.8.3 Security Release - Super Admin Object Injection in Multisites
  - This issue requires Super Administrator privileges to exploit, and only Multisite WordPress sites are vulnerable.
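
Because the WP_Query issue depends on how plugins and themes pass data into the query, here is one way plugin code can build its query arguments defensively. This is an added example, not code from WordPress core or from this page; the `myplugin_` function names, the `genre` taxonomy and the request parameter names are hypothetical, and the code assumes it runs inside WordPress.

```php
<?php
// Added example: hypothetical plugin code, assumed to run inside WordPress.
// The request may select from fixed allow-lists but never supplies keys,
// arrays or raw strings that reach WP_Query unvalidated.

function myplugin_build_query_args( array $request ) {
    $allowed_orderby    = array( 'date', 'title', 'modified' );
    $allowed_taxonomies = array( 'category', 'post_tag', 'genre' ); // 'genre' is hypothetical.

    // Accept only plain strings; array-valued parameters are ignored.
    $str = static function ( $key ) use ( $request ) {
        return ( isset( $request[ $key ] ) && is_string( $request[ $key ] ) )
            ? sanitize_key( $request[ $key ] )
            : '';
    };

    $orderby  = in_array( $str( 'orderby' ), $allowed_orderby, true ) ? $str( 'orderby' ) : 'date';
    $per_page = isset( $request['per_page'] ) && is_scalar( $request['per_page'] ) ? absint( $request['per_page'] ) : 10;

    $args = array(
        'post_type'      => 'post',
        'post_status'    => 'publish',
        'posts_per_page' => min( 50, max( 1, $per_page ) ),
        'orderby'        => $orderby,
        'order'          => 'asc' === $str( 'order' ) ? 'ASC' : 'DESC',
    );

    // Taxonomy filter: taxonomy comes from the allow-list, terms are reduced
    // to positive integer IDs, and 'field' is fixed by the plugin.
    $taxonomy = $str( 'taxonomy' );
    if ( in_array( $taxonomy, $allowed_taxonomies, true ) && isset( $request['terms'] ) ) {
        $terms    = array_filter( (array) $request['terms'], 'is_scalar' );
        $term_ids = array_values( array_filter( array_map( 'absint', $terms ) ) );
        if ( $term_ids ) {
            $args['tax_query'] = array(
                array( 'taxonomy' => $taxonomy, 'field' => 'term_id', 'terms' => $term_ids ),
            );
        }
    }
    return $args;
}

function myplugin_list_posts() {
    // wp_unslash() removes the slashes WordPress adds to superglobals.
    return new WP_Query( myplugin_build_query_args( wp_unslash( $_GET ) ) );
}
```

Updating core remains the fix for the issues listed above; validating input this way limits what plugin or theme code hands to the query classes.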