Important Security Update – WordPress 5.8.1

On September 8th, WordPress 5.8.1 was released. This new update fixes three vulnerabilities in the REST API, the Gutenberg editor, and the Lodash JavaScript library.

According to the changelog, the developers have eliminated 60 bugs in the CMS (content management system) in addition to the security gaps.

Among other things, the update fixed a problem that was disrupting the media library. Due to an error in the layout, it was not usable on mobile devices.

The layout has been adjusted accordingly so that access to the media library is now also possible via mobile devices without any problems.

REST API vulnerability

The WordPress REST API is a programming interface that makes it possible to interact with the data consumed by WordPress.

This vulnerability is known as a data exposure vulnerability, where sensitive data such as passwords can be exposed.

The vulnerabilities include one in the Gutenberg Template Library & Redux Framework.

After a successful attack, attackers could install plug-ins with malicious code or delete posts.

WordPress Gutenberg XSS vulnerability

Cross-Site Scripting (XSS) vulnerabilities are relatively common.

The goal of cross-site scripting is to obtain confidential data, hijack apps, or cause other harm. XSS places the attack code in a seemingly secure context.

This gap usually occurred when operator input was entered in a contact or e-mail form.

Lodash JavaScript Library Vulnerability

The library provides utility functions for general programming tasks.

The WordPress 5.8.1 update also ships the new Lodash version 4.17.21 and, with it, the security fixes that version contains. The version is therefore the safest and newest.

Update to WordPress 5.8.1 necessary

As a web development agency, we recommend an immediate update. In addition to the WordPress 5.8.1 security patch, there will also be updates for versions 5.4 and higher.

Anyone who has activated automatic updates now only needs to check that the current version has actually been installed. If it has not (yet), a manual update is possible via the WordPress dashboard.
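For several installs on one server, the version check can be scripted. The following is an added example, not code from WordPress or from this article's authors: it reads `$wp_version` from each install's `wp-includes/version.php` and flags anything below 5.8.1. It assumes file-system access to the document roots; the sample installs are constructed, and because the article does not list the patched releases for the 5.4 to 5.7 branches, any version below 5.8.1 is reported as `outdated` for manual review.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (5, 8, 1)  # release named in the article

# WordPress core declares its version in wp-includes/version.php
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_version(text):
    """Return the $wp_version string from version.php contents, or None."""
    m = VERSION_RE.search(text)
    return m.group(1) if m else None

def version_tuple(version):
    """'5.8' -> (5, 8, 0); '5.8.1-RC1' -> (5, 8, 1). Suffixes are ignored."""
    nums = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if not nums:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(n or 0) for n in nums.groups())

def check_site(docroot):
    """Classify one install as 'ok', 'outdated' or 'unknown'."""
    vfile = Path(docroot) / "wp-includes" / "version.php"
    try:
        version = parse_version(vfile.read_text(encoding="utf-8", errors="replace"))
    except OSError:
        return "unknown", None  # not a WordPress docroot, or unreadable
    if version is None:
        return "unknown", None  # file present but no $wp_version assignment
    status = "ok" if version_tuple(version) >= PATCHED else "outdated"
    return status, version

def make_sample(root, name, version):
    """Build a constructed sample install for the demo (not a real site)."""
    inc = Path(root) / name / "wp-includes"
    inc.mkdir(parents=True)
    (inc / "version.php").write_text(f"<?php\n$wp_version = '{version}';\n")
    return inc.parent

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in [("shop", "5.8.1"), ("blog", "5.8"), ("old", "5.7.2")]:
            site = make_sample(tmp, name, ver)
            print(site.name, *check_site(site))
```

An `unknown` result deserves the same attention as `outdated`, since it means the installed version could not be confirmed.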
