WordPress Releases Patch 5.8.3 to Secure Millions of Websites Against Four Core Vulnerabilities
WordPress’s new year came with some significant security updates. On January 6th, WordPress released a critical security update to address four separate security vulnerabilities. The vulnerabilities addressed in the patch, fortunately, require other prerequisites to be actively exploited and, in most real-world situations, are unlikely to result in actual compromises to regular WordPress websites. Still, it is advisable for WordPress website administrators to update their websites to the latest version as soon as possible. Along with this update, all previous versions since 3.7 have also been updated. The 5.8.3 Security update is a short-cycle security release, and the next big release will be the WordPress version 5.9, which is in the Release Candidate stage at the moment.
Vulnerability Details
Four security issues were found and patched with this update. Here are the details of the four issues that were fixed with the WordPress 5.8.3 Security Release:
CVE-2022-21664:
The issue allowed SQL injection with WP_Meta_Query. The severity level of the issue is rated high at 7.4 and affected WordPress versions between 4.1.34 and 5.8.3.
CVE-2022-21663:
The issue allowed Authenticated Object Injection in Multisites but required Super Administrator privileges. The severity level of the issue is rated at 6.6, and the fix covers versions down to 3.7.37
CVE-2022-21662:
This Cross-Site Scripting (XSS) issue allowed authors to take over the website by misusing post slugs. The severity level of the issue is rated at 8.0, and the fix covers WordPress versions down to 3.7.37.
CVE-2022-21661:
The exploit was enabled through themes and plugins that use WP-Query and opened the doors to SQL injections. The severity level of the issue is rated at 8.0, and the fix covers WordPress versions down to 3.7.37.
The Solution
There are no active reports of the exploits stated above being to exploit WordPress sites, but it is still recommended that all WordPress site owners ensure that the WP core updates are activated and they are upgraded to the latest version 5.8.3 of WordPress.
You can read more about the security update in detail on WordPress’s Official Website
Website & Infrastructure Security Services
With Our expertise in Website and IT-infrastructure security, we can implement advanced security measures to protect you against any kind of malicious threat. We also specialize in SaaS Development, UI/UX services, QA Testing, System Integration and API Development.