WordPress 5.8.3 security update fixes SQL injection, XSS flaws

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance.

The set includes an SQL injection on WP_Query, a blind SQL injection via the WP_Meta_Query, an XSS attack via the post slugs, and an admin object injection.

All of the issues have prerequisites for their exploitation, and most WordPress sites that use the default automatic core updates setting aren’t in danger.

However, sites using WordPress 5.8.2 or older, with read-only filesystems that have disabled automatic core…


More Info

About mblog.my

Check Also

20K WordPress Sites Exposed by Insecure Plugin REST-API – Threatpost

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and …

Leave a Reply

Your email address will not be published. Required fields are marked *