WordPress versions 4.7.1 and earlier are vulnerable by three security issues

by CIRT Team

Description:

1. The user interface for assigning taxonomy terms in Press is shown to users who do not have permissions to use it.
2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue.
3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table.
4. An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint

Impact: Intruder can take control of the web system by exploiting above mention vulnerabilities.

Mitigation: Vendor has released new version (WordPress 4.7.2.).

Reference URL’s:

• https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
• https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/

CIRT Team

Recommended Posts

Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers

08 Feb 2024 - Articles, English articles, Security Advisories & Alerts

বাংলাদেশের আইটি কাঠামোয় তথ্য চুরির ম্যালওয়ারের বিস্তার সম্পর্কে সতর্কতা

18 Jan 2024 - Articles, Bangla Articles, News, Security Advisories & Alerts

সাইবার থ্রেট এলার্টঃ বাংলাদেশকে লক্ষ্য করে চলমান ফিশিং ক্যাম্পেইন

04 Jan 2024 - News, Security Advisories & Alerts