Posted by Michelle Filingeri 10.09.2021 Category(ies): Security, News
New security and maintenance release
It’s not uncommon for a bugfix update to be released after a major version update. This so-called maintenance release serves to fix unforeseen issues and introduce improvements that didn’t make it into the main release in time. This update also includes a security update.
WordPress fixes three security vulnerabilities
REST API vulnerability
The WordPress REST API is an interface that allows plugins and themes to interact with the WordPress core. It has had several vulnerabilities: most recently, a vulnerability in the Gutenberg Template Library & Redux Framework affected over a million websites.
This vulnerability is described as a data exposure vulnerability, in which sensitive data such as passwords could be disclosed.
WordPress Gutenberg XSS vulnerability
Cross-Site Scripting (XSS) vulnerabilities are relatively common. They usually occur wherever there is user input, such as a contact or email form.
The Open Web Application Security Project (OWASP) describes the potential damage from XSS vulnerabilities as follows:
“An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way of knowing that the script should not be trusted, and will execute the script.
Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.”
Urgent update needed
Due to the security flaws, users should urgently update WordPress.
“Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.4 have also been updated.”
Source: Search Engine Journal