Security release: WordPress 5.8.3 closes gaps

Four vulnerabilities have been discovered in WordPress versions between 3.7 and 5.8. Security release 5.8.3 closes them. Users who have not yet updated to version 5.8 will also find updated versions starting with release 3.7; that is how far back the vulnerabilities reach. The BSI warns via its CERT service that a remote attacker, anonymous or authenticated, can use the security gaps to manipulate files, bypass security measures and carry out a cross-site scripting attack. One of the vulnerabilities is in WP_Query and allows SQL injection through plugins or themes that use it in a specific way, the advisory says. Another allows authenticated users with low privileges, such as an author, to execute JavaScript and XSS attacks in the WordPress core, which then also affect users with high privileges. Another bug that requires an authenticated attacker makes it possible, in a multisite environment, for users with super admin rights to bypass explicit protection measures.

The announcement of the security release links to the advisories for the individual vulnerabilities.
