With the release of WordPress 5.1.1, the developers behind the platform have fixed a critical cross-site scripting (XSS) vulnerability and introduced several fixes and enhancements.
The XSS vulnerability in WordPress existed in the way comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.
Cross-site scripting allows attackers to inject malicious scripts into web pages and bypass access controls. This flaw in WordPress was discovered by Simon Scannell of RIPS Technologies.
In a blog post, he explained how an attack could take place: “An attacker can take over any WordPress site that has comments enabled by tricking an administrator of a target blog to visit a website set up by the attacker.”
“As soon as the victim administrator visits the malicious website, a cross-site request forgery (CSRF) exploit is run against the target WordPress blog in the background, without the victim noticing. The CSRF exploit abuses multiple logic flaws and sanitization errors that when combined lead to Remote Code Execution and a full site takeover.”
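The flaw described above sat in the step where comments are filtered and then written to the database, after which the stored value is trusted when the post is rendered. The defensive rule that limits the damage of any such filtering mistake is to treat stored comment text as untrusted and escape it for the HTML context at output time. The following PHP is an added example written for this article; it is not WordPress code, does not reproduce the WordPress filter or the actual fix, and uses an in-memory SQLite table and sample comments constructed for the demonstration.

```php
<?php
// Added example, not WordPress code. Shows the output-escaping rule:
// however a comment was filtered before storage, the stored value is
// escaped again for the HTML context when it is rendered.
declare(strict_types=1);

// In-memory SQLite stands in for the blog database (constructed for this example).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

/** Store a comment verbatim with a prepared statement (parameters, not string building). */
function store_comment(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:a, :b)');
    $stmt->execute([':a' => $author, ':b' => $body]);
    return (int) $db->lastInsertId();
}

/** Escape a string for HTML element content or a double-quoted attribute value. */
function esc_html(string $s): string
{
    // ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string, which would silently drop the comment.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

/** Safe rendering: escaping is applied here, at output time, not only on input. */
function render_comment(array $row): string
{
    return '<li class="comment"><strong>' . esc_html($row['author']) . '</strong>: '
         . esc_html($row['body']) . '</li>';
}

/** Anti-pattern: trusting the stored value because "it was filtered on the way in". */
function render_comment_unsafe(array $row): string
{
    return '<li class="comment"><strong>' . $row['author'] . '</strong>: '
         . $row['body'] . '</li>';
}

// Constructed sample input: a harmless comment and a classic script probe.
store_comment($db, 'alice', 'Nice post, thanks!');
store_comment($db, 'mallory', '<script>alert(1)</script>');

// The safe renderer emits the probe as inert text (&lt;script&gt;...); the unsafe
// renderer would place the stored markup straight into the page.
foreach ($db->query('SELECT author, body FROM comments', PDO::FETCH_ASSOC) as $row) {
    echo render_comment($row), PHP_EOL;
}
```

The point of keeping `render_comment_unsafe` next to the safe version is that the two differ only in where trust is placed: the unsafe one relies entirely on the input filter being correct, which is exactly the assumption the WordPress bug undermined. Output escaping does not replace an allow-list filter for comments that may legitimately contain limited markup, but it is the layer that still holds when the filter has a mistake.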
WordPress versions 5.1 and earlier are affected by this vulnerability. It has been fixed in v5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.
Beyond the security fix, WordPress listed several other highlights of the release. Hosts can now offer their users a button to update PHP, and they can filter the recommended PHP version shown in the ‘Update PHP’ notice.