Cyber Security News

WordPress Releases Urgent Security Update to Patch XSS and Path Traversal Flaws

by Esmeralda McKenzie
written by Esmeralda McKenzie
WordPress Releases Urgent Security Update to Patch XSS and Path Traversal Flaws

WordPress Releases Urgent Security Update to Patch XSS and Path Traversal Flaws

WordPress Releases Pressing Security Replace to Patch XSS and Route Traversal Flaws

WordPress has released an urgent security update, model 6.5.5, addressing vital vulnerabilities that can potentially compromise the protection of millions of web sites.

This minor unencumber, which also entails three computer virus fixes in the core, is extremely urged for rapid installation to be sure position security and balance.

EHA

Key Security Fixes

The WordPress 6.5.5 update addresses three major security vulnerabilities:

  1. Execrable-Plight Scripting (XSS) Vulnerability in HTML API: Dennis Snell of the WordPress Core Crew, alongside with Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team, reported this vulnerability, which would possibly well well enable attackers to inject malicious scripts into online pages considered by other users.
  2. Execrable-Plight Scripting (XSS) Vulnerability in Template Portion Block: Independently reported by Rafie Muhammad of Patchstack and identified in some unspecified time in the future of a third-party security audit, this flaw would possibly well well enable attackers to contend with out arbitrary scripts in the context of the patron’s session.
  3. Route Traversal Self-discipline on Home windows-Hosted Sites: This vulnerability, reported by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre, would possibly well well enable attackers to access restricted directories and files on the server, potentially resulting in recordsdata breaches or extra exploitation.

Replace Instructions

To update to WordPress 6.5.5, users can:

  • Download from WordPress.org: Visit the decent WordPress web position to download the newest model.
  • Replace by technique of WordPress Dashboard: Navigate to the Dashboard, click on on “Updates,” and then click on “Replace Now.”
  • Computerized Background Updates: For web sites that enhance automatic updates, the device will initiate mechanically.

Significance of Instantaneous Replace

Given the nature of the vulnerabilities, all WordPress position directors must update their installations straight. Delaying updates can relate web sites to doable attacks, resulting in recordsdata loss, unauthorized access, and other security breaches.

WordPress 6.5.5 is a immediate-cycle unencumber, with the following major unencumber, model 6.6, scheduled for July 16, 2024. This upcoming unencumber is anticipated to mutter major improvements and new functions, extra enhancing the platform’s functionality and shopper journey.

Source credit : cybersecuritynews.com

Related Posts

PKfail Vulnerability Allows Hackers to Install UEFI Malware...

North Korean Charged in Cyberattacks on US Hospitals,...

BIND DNS Vulnerability Lets Attackers Flood Server With...

Russian Malware Cuts Off Heaters In 600 Apartments...

Google Chrome 127 Released With Fix for Vulnerabilities...

New Windows False File Immutability Vulnerability Let Attackers...

CrowdStrike Details Incident Affected Millions of Windows Systems...

IPFire Unveils New Feature to Protect Systems from...

Hackers Abuse Cloudflare WARP To Hijack Cloud Services

Play Ransomware Variant Attacking Linux ESXi Servers