21.5 C
Saturday, June 15, 2024

WordPress Security Update For 8 Vulnerabilities In Version 6.3.2

A security update for WordPress fixes eight vulnerabilities, one of which may result in complete site takeover.

WordPress declared that it will soon be releasing a maintenance and security update that would fix a number of vulnerabilities, including one that may allow for a complete site takeover.

Maintenance and Security Release WordPress 6.3.2

WordPress 6.3.2 delivers 41 bug fixes but more importantly it ships with patches for eight vulnerabilities.

The following eight vulnerabilities were recently discovered and patched:

  • A vulnerability in the WordPress core that allows arbitrary shortcode execution
  • Potential disclosure of user email addresses by unauthenticated hackers using
  • Remote code execution POP Chains vulnerability
  • Cross-site scripting (XSS) vulnerability in the post link navigation block
  • Leaked comment visibility on private posts
  • Reflected cross-site scripting (XSS) vulnerability in the application passwords screen
  • Cross-site scripting (XSS) vulnerability in the footnotes block
  • Cache poisoning Denial of Service (DoS) vulnerability

Some flaws are caused by inadequate input sanitization, which means that submitted data doesn’t adequately screen out harmful inputs.

According to the information on the WordPress developer’s page for input sanitization:

“Untrusted data can come from a variety of sources, including people, third-party websites, and even your own database, therefore it is important to verify it all before using it.

The process of safeguarding, cleaning, and filtering input data is known as sanitizing it.

Because validation is more focused than sanitization, it is preferable.

Sanitation, however, is the next best thing when “more specific” cannot be achieved.

Five medium severity flaws are patched, and all vulnerabilities are classed as medium severity.

Wordfence provided a warning on the most recent security update, noting that at least one of the flaws might lead to a complete site takeover.

All users are urged by WordPress to make sure that their installations are up to date with WordPress version 6.3.2.

The official WordPress announcement states:

“You should upgrade your website right now because this is a security release.

Backports are also accessible for WordPress 4.1 and later major releases.

Read the announcement about the WordPress security release here:

Release 6.3.2 for maintenance and security

Related Articles


Please enter your comment!
Please enter your name here

Latest Articles