The developers of WordPress released an automatic update to millions of users, patching their websites and eliminating several vulnerabilities.
Some of these vulnerabilities were so severe that if exploited they could allow the attacker to take complete control of the site, while others were less dangerous and required some level of administrator access to be exploited.
A total of four vulnerabilities have been fixed with WordPress version 5.8.3. Webmasters and other administrators are advised to check the version of WordPress their site is running on, to make sure they cannot be targeted.
Big platform, big target
Analyzing the security release, WordPress security plugin developers Wordfence said the patch is backported to all versions of WordPress since 3.7, the first release that supports basic automatic updates for security releases. . This means that virtually all websites should be secure, as “any site that remains vulnerable would only be exploitable in very specific circumstances.”
WordPress is the world’s most popular website builder and as such is often the target of malicious actors and other cyber crooks. It offers users an online store with thousands of plugins, many of which could have dangerous vulnerabilities.
Less than a month ago, it was reported that over 800,000 WordPress websites were still vulnerable to a ‘simple’ takeover vulnerability, due to the failure to update the ‘All’ WordPress SEO plugin. in One ”.
Auto-security researcher Marc Montpas, who first spotted the flaws, said it’s easy to abuse the flaws on vulnerable sites because all the attacker needs to do is change “a single character. in uppercase “to bypass all privilege checks.
That same month, the “Email Preview for WooCommerce” plugin was also found to contain a serious flaw, potentially allowing attackers to take control of the site. The plugin has been used by over 20,000 sites.
- You can also consult our list of the best firewalls of the moment.