Earlier this month, WordPress officials rolled out WP version 5.0 with various feature upgrades. However, it also brought some backward compatibility problems. Moreover, the earlier versions of WordPress had various security bugs that needed a fix. The officials have therefore released WordPress 5.0.1, addressing seven WordPress security vulnerabilities that affect almost all previous versions back to 3.7.
After all the feature upgrades in WordPress 5.0, the next step seemingly was to address the security vulnerabilities that were reintroduced. This week, they rolled out WordPress 5.0.1 with security fixes for seven different vulnerabilities. These flaws affected all previous versions of WordPress back to WP v3.7.
As mentioned in the WordPress 5.0.1 security release, the latest version addresses flaws reported privately to them. Here is a quick overview of these vulnerabilities.
Two researchers from RIPS Tech reported two different security flaws in WordPress due to authentication problems. One of these vulnerabilities, discovered by Simon Scannell, could let an attacker create posts of unauthorized post types. As stated in the WP security release:
“Simon Scannell of RIPS Technologies discovered that authors could create posts of unauthorized post types with specially crafted input.”
The other vulnerability, reported by Karim El Ouerghemmi, could allow an unauthorized attacker to delete files by altering metadata.
At Black Hat USA 2018, researcher Sam Thomas of Secarma highlighted a PHP unserialization vulnerability that left WordPress sites vulnerable to full system compromise. To exploit the vulnerability, an attacker could simply trigger unserialization of a maliciously crafted object.
Researcher Tim Cohen discovered three different cross-site scripting vulnerabilities. One of these, co-credited with Slavco Mihajloski, could lead to MIME verification bypass by uploading specially crafted files on Apache-hosted sites.
The other two XSS vulnerabilities, credited solely to Cohen, could allow an attacker to affect some plugins and to edit new comments.
As explained in the security release, a vulnerability reported by Team Yoast could expose email addresses and passwords.
“Team Yoast discovered that the user activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords.”
This shouldn’t be confused with the flaw (CVE-2018-19370) patched recently in Yoast SEO 9.2, which could allow arbitrary code execution.
To mitigate the seven flaws described above, users of all previous WordPress versions must ensure they upgrade to the latest WordPress version (5.0.1).